Cybereason’s RansomFree Detects and Prevents NotPeyta Ransomware

Cybereason, developers of the most effective Total Protection Platform including EDR & NGAV, today announced that it has made available a new version of RansomFree, its award-winning free anti-ransomware tool. RansomFree 2.3.0.0 detects and prevents NotPeyta ransomware from executing on computers. RansomFree is the world’s most widely used free anti-ransomware tool with more than 350,000 small business and consumer users.

NotPetya encrypts files only after the machine is rebooted – unlike most ransomware that encrypts files as soon as it executes. NotPetya spreads throughout the network, extracts admin credentials, and schedules a task to reboot the machine. As soon as a victim reboots their machine, NotPetya overwrites the Master Boot Record (MBR) with a malicious payload that encrypts the full disk.

In related news, Cybereason’s Principal Security Researcher Amit Serper discovered a vaccination for NotPeyta that prevents the ransomware from running on any computer on which it is activated.

Follow Serper’s discovery on Twitter: https://twitter.com/0xAmit. To activate the kill switch, users must locate the C:Windows folder and create a file named perfc, with no extension name. This should kill the application before it begins encrypting any files.

Cybereason was the first cybersecurity company to develop a free anti-ransomware tool and it was made available in December, 2016. RansomFree stops more than 99 percent of ransomware variants from encrypting files. RansomFree uses behavioral and proprietary deception techniques to target the core behaviors typical in ransomware attacks. It is designed to block never-before-seen ransomware in order to protect organizations against emerging ransomware threats. Today, more than 350,000 small businesses…

Read the full article from the Source…

Leave a Reply

Your email address will not be published. Required fields are marked *