A defence has been found against the so-called Petya virus attempting to cripple Microsoft Windows-based networks across the globe, although experts say it must be applied to each computer individually and will not kill the bug altogether.
The virus, initially thought to be a resurgent version of a ransomware called Petya, started spreading from Ukraine on Tuesday and has since affected more than 12,000 machines in 64 countries around the world. The ransomware locks down an affected user's hard drive and demands $300 in Bitcoins to unlock the computer. However, experts say the payment demands do not work, and that the virus is primarily focused on destroying data.
Security expert Brian O'Higgins says the virus is a "disaster" for corporate networks. "If it gets in, it spreads everywhere," he told CTV News Channel on Wednesday. "This is just designed to spread as fast as it can and do as much damage (as possible)."
Security researchers say the virus can be kept at bay by creating a blank, read-only file named "perfc" in any PC's Windows folder. The procedure is fairly simple for IT professionals or computer-savvy individuals to follow.
"It's kind of a cute fix," O'Higgins said. "It seems to work very well, according to all reports."
But security experts say the vaccine is only a temporary fix that doesn't address the root of the problem.
"A lot of people are calling it a killswitch, but ultimately it is just a vaccine," cybersecurity expert Daniel Smith told CTV News Channel. "It is not a silver bullet."
O'Higgins says the "perfc" vaccine can protect an individual user's computer, but it doesn't stop the virus from spreading to other users on the network.
He says the best way for individuals to stay safe is to update their operating systems and avoid using a corporate network, if at all possible. "If you have a machine and you can avoid plugging it into your corporate network, I would wait a day," he said.
Smith says the single email address linked to the virus has been shut down, so there is essentially nothing anyone can do to recover their data if their computer is infected.
"It ultimately left the victims in a position where they could not communicate with the author, even if they wanted to make a payment," he said.
O'Higgins echoed Smith's concerns for those affected by the virus. "If your files aren't encrypted and you don't have a backup, you're toast."
Origins of the virus
Experts say that although the virus is being referred to as Petya, that's not exactly accurate. The virus currently wreaking havoc around the world includes code from an older virus called Petya, but is apparently not the same thing. That's led to such names for it as NotPetya, SortaPetya and Petna.
Regardless of the name, Smith says it's likely an evolution of the first Petya virus created by a dark web group called Janus Cybercrime Solutions. The group was behind the original Petya and a second version of the bug, dubbed GoldenEye.
"Ultimately, a lot of signs point to the Janus syndicate group," Smith said.
Smith and O'Higgins both compared the virus to WannaCry, the virus that caused major problems around the globe last month. The virus was ultimately stopped by a man who found a global killswitch in the virus code. But no such killswitch has been identified in the current outbreak.
O'Higgins called the current virus a "new and improved and much more lethal version" of WannaCry. "It uses the same vulnerability to enter, but WannaCry had a lot of flaws and people found them, and found a real killswitch and shut it down entirely. This does not have the WannaCry flaws."
O'Higgins says the current outbreak should not have happened, because system administrators should have patched their systems after the WannaCry outbreak.
It got through the vulnerability that was discovered last month," he said. "If everyone patched, we would not have a problem.
"I wish we would learn."
