#21
This was not ransomware....more than likely industrial espionage....why would the perpetrator leave an easily traceable calling address?
This has already been shut down.....so financial gain was not the motive.
Does anyone know why that batch file inserts 3 perfc files whereas the manual fix just creates the file perfc (read only)? I've used a manual fix since Kaspersky Antivirus deletes perfc.dat created by the batch file.
I just ran Notepad as Admin, saved the empty file as c:\windows\perfc, then made two further copies of perfc and renamed them perfc.dll and perfc.dat. Finally I set them to be read only. Kaspersky antivirus doesn't object when you do it this way.
If you look at the link in the batch file, twitter.com/0xAmit/status/879778335286452224, various people are arguing about whether perfc (no extension), perfc.dat or perfc.dll are required. I guess the writer of the file stuck them all in to be on the safe side.
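The manual steps described above (empty `perfc`, `perfc.dat` and `perfc.dll` in the Windows directory, each set read-only), as an added PowerShell example that is not part of any post in this thread or of the batch file it mentions. It assumes the Windows directory is `$env:windir`; the `-CheckOnly` switch is this example's own and only reports whether the files are still present, for instance after an antivirus scan.

```powershell
# Added example: create (or just check) the three read-only marker files from this thread.
param([switch]$CheckOnly)   # -CheckOnly: report state without creating or changing anything

$ErrorActionPreference = 'Stop'

# Creating files in the Windows directory needs an elevated session; checking does not.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $CheckOnly -and -not $isAdmin) {
    throw 'Creating files in the Windows directory needs an elevated PowerShell session.'
}

# The three names argued over in the thread: no extension, .dat and .dll.
$names = 'perfc', 'perfc.dat', 'perfc.dll'

$report = foreach ($name in $names) {
    # Assumption: the Windows directory is $env:windir (c:\windows in the post).
    $path = Join-Path $env:windir $name

    if (Test-Path -LiteralPath $path -PathType Container) {
        Write-Warning "$path is a directory, not a file; skipping."
        continue
    }

    $present = Test-Path -LiteralPath $path -PathType Leaf
    $created = $false
    if (-not $present -and -not $CheckOnly) {
        # Empty file, the same result as saving an empty document from Notepad.
        New-Item -ItemType File -Path $path | Out-Null
        $created = $true
        $present = $true
    }

    $readOnly = $false
    if ($present) {
        $file = Get-Item -LiteralPath $path -Force
        # An existing file keeps its contents; only the read-only attribute is set.
        if (-not $CheckOnly -and -not $file.IsReadOnly) { $file.IsReadOnly = $true }
        $file.Refresh()
        $readOnly = $file.IsReadOnly
    }

    [pscustomobject]@{ Path = $path; Present = $present; Created = $created; ReadOnly = $readOnly }
}

$report | Format-Table -AutoSize
```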
Either some curious kid in a back room seeing how clever he is.....or more worryingly a nation seeking superiority by paralysing vital industries, bringing countries to a standstill......most modern warfare is conducted using computerised technology, i.e. aeroplanes, ships, missiles, orbiting space satellites etc.....all could be rendered completely ineffective......frightening isn't it.
Forgive me if this is a silly question, but how does the malware get into one's computer? Infected executable attachment, drive-by download, download via malicious link in an email...?