Israeli Discovers How to Block Ransomware Damaging Computers Worldwide

Amit Serper discovers a simple mechanism that prevents the malware from encrypting computers and spreading onwards

Jun 28, 2017 2:20 AM

Cybersecurity experts are nervous following two potential cyber attacks in the space of three days. — Reuters

Amit Serper, an Israeli researcher at the Cybereason company, discovered a way to block the activation of the ransom software that erupted Tuesday across the world, including in Israel.

The software, known as Petya, was first distributed using a software update for tax calculation in Ukraine, and then spread onwards, damaging a long line of organizations and companies in Europe, Israel and the U.S. Ransomware is often used as a means for making profits for hackers.

The most prominent hack until now was the distribution of WannaCry last month. The software made use of EternalBlue, one of the NSA's break-in tools that that was leaked by the ShadowBrokers group. The current ransomware hack also uses a tool leaked from the NSA to spread within Networks, together with another two means.

In contrast to the previous software, the current one doesn’t make to with encrypting specific files, but encrypts computers' Master Boot Record – the first part of the hard-disk to load when opening a computer. It holds information on the structure of the hard-disk and is used to upload the operating system.

Serper discovered that there's a way to stop the ransomware from activating and spreading itself. "When the malware begins working, it actually checks if it's run in the past and encrypted the folders, so not to encrypt them twice," he told Haaretz. "It searches for the name of the file that activated it, without the extension, inside the Windows folder."

According to Serper, if the ransomware finds the file (C:\windows\perfc), it uses it as a sign that the computer has already been attack, and therefore doesn’t activate the encryption.

In the past, in the case of a hack using the WannaCry software, a British researcher discovered that some of the software versions included a "kill switch" – a mechanism that prevents the software from being activated.

Serper said that this wasn’t the case with his discovery. "It's not exactly a 'kill switch,' but more of a vaccine," he said.

Oded Yaron

Haaretz Contributor

Comments

Sort comments by

Israeli Discovers How to Block Ransomware Damaging Computers Worldwide

Comments

ICYMI

Why a Wave of Suicides Washed Over Germany After the Nazi Defeat

Israelis Didn't Know They Were Committing a Massacre, and Didn't Care

I Escaped China's Gulags

Climate Change Could Make Russia Great Again

The Jewish Avengers Who Sought to Poison Six Million Germans for the Holocaust

How the Jews Invented the Goy

Chance Finding Changes Everything We Know About Biblical Israel

Ancient Church Dedicated to Mysterious Martyr Found Near Jerusalem

Mysterious UAE Cyber Firm Luring ex-Israeli Intel Officers With Astronomical Salaries

Gigantic Prehistoric City Found in Israel During Roadworks

Fake Nazi Death Camp: Wikipedia’s Longest Hoax, Exposed

At This Surreal Event, Sara Netanyahu Was Only the Sidekick

The Jewish Dancer Undressed Slowly. Then She Shot an SS Soldier to Death

Archaeology Confirms Book of Genesis on Israel’s Arch-nemesis, the Edomites

This Tel Aviv Sex Shop Is Keeping It Kosher

Earliest Form of Writing May Have Been Found in Israel

Is Pakistan Preparing to Recognize Israel?

Trump and Netanyahu Just Broke the Special Relationship Between America and Israel

This Israeli Park Is Heaven on Earth

Israel Election 2019: LIVE UPDATES

Keep updated: Sign up to our newsletter

Please wait…

Thank you for signing up.

Oops. Something went wrong.

Thank you,

Comments

Thank you!

ICYMI