Israeli Discovers How to Block Ransomware Damaging Computers Worldwide

Amit Serper discovers a simple mechanism that prevents the malware from encrypting computers and spreading onwards

Jun 28, 2017 2:20 AM

Cybersecurity experts are nervous following two potential cyber attacks in the space of three days. — Reuters

Amit Serper, an Israeli researcher at the Cybereason company, discovered a way to block the activation of the ransom software that erupted Tuesday across the world, including in Israel.

>> Election results are in. Subscribe now - save 30%

The software, known as Petya, was first distributed using a software update for tax calculation in Ukraine, and then spread onwards, damaging a long line of organizations and companies in Europe, Israel and the U.S. Ransomware is often used as a means for making profits for hackers.

The most prominent hack until now was the distribution of WannaCry last month. The software made use of EternalBlue, one of the NSA's break-in tools that that was leaked by the ShadowBrokers group. The current ransomware hack also uses a tool leaked from the NSA to spread within Networks, together with another two means.

In contrast to the previous software, the current one doesn’t make to with encrypting specific files, but encrypts computers' Master Boot Record – the first part of the hard-disk to load when opening a computer. It holds information on the structure of the hard-disk and is used to upload the operating system.

Serper discovered that there's a way to stop the ransomware from activating and spreading itself. "When the malware begins working, it actually checks if it's run in the past and encrypted the folders, so not to encrypt them twice," he told Haaretz. "It searches for the name of the file that activated it, without the extension, inside the Windows folder."

According to Serper, if the ransomware finds the file (C:\windows\perfc), it uses it as a sign that the computer has already been attack, and therefore doesn’t activate the encryption.

In the past, in the case of a hack using the WannaCry software, a British researcher discovered that some of the software versions included a "kill switch" – a mechanism that prevents the software from being activated.

Serper said that this wasn’t the case with his discovery. "It's not exactly a 'kill switch,' but more of a vaccine," he said.

Oded Yaron

Haaretz Contributor

Comments

Sort comments by

Israeli Discovers How to Block Ransomware Damaging Computers Worldwide

Comments

ICYMI

Gigantic Prehistoric City Found in Israel During Roadworks

Fake Nazi Death Camp: Wikipedia’s Longest Hoax, Exposed

At This Surreal Event, Sara Netanyahu Was Only the Sidekick

The Jewish Dancer Undressed Slowly. Then She Shot an SS Soldier to Death

Archaeology Confirms Book of Genesis on Israel’s Arch-nemesis, the Edomites

This Tel Aviv Sex Shop Is Keeping It Kosher

Earliest Form of Writing May Have Been Found in Israel

Is Pakistan Preparing to Recognize Israel?

Trump and Netanyahu Just Broke the Special Relationship Between America and Israel

This Israeli Park Is Heaven on Earth

Israel Election 2019: LIVE UPDATES

Returning to Morocco, Israeli Finds Bubbling Culture and Missing Identity

Iran, Saudi Arabia's Proxy Wars Have a New Battlefield

Red Sea Diving Resort' Hits Netflix. Here's the Amazing Mossad Op Behind It

How Israel Systematically Hides Evidence of Brutal 1948 Expulsion of Arabs

Israel's Most Beautiful Mosaic Reveals Ancient Liberal Judaism

Jared Kushner's Plan for Palestine Is Even Crazier Than You Thought

How Christians Invented 'Judaism'

Haaretz 2019 Rich List Meet the Wealthiest People in Israel

Fleeing Iran's Modesty Police, Lingerie Model Ends Up on Paris Streets

Keep updated: Sign up to our newsletter

Please wait…

Thank you for signing up.

Oops. Something went wrong.

Thank you,

Comments

Thank you!

ICYMI