New form of ransomware uses disk-level encryption to lock users out of their computers

Scary stuff…. gotta be on your ish online these days

Ransomware is bad enough in its current form, but a new variant of the malware has been discovered that is possibly worse than what we’ve seen before. The malicious software, called Petya, doesn’t just target individual files, it encrypts entire hard drives.
While the majority of ransomware is spread via email attachments or is hosted in sites and delivered by exploit kits, Petya has been found in emails containing hyperlinks to a Dropbox storage location (since removed by the company), making it appear more legitimate.

According to a Trend Micro blog post, the email masquerades as an application letter from someone seeking employment in a company. One of the links supposedly points at the applicant’s CV, but is actually a self-extracting executable file. This link downloads a Trojan which blinds any antivirus programs before downloading and executing Petya.
Once executed, Petya will overwrite the master boot record of the entire hard drive, triggering a critical Windows error – the dreaded Blue Screen of Death. When the machine is rebooted, the PC appears to perform a check disk operation but, during this time, Petya is actually encrypting the master file table (MFT), rendering the PC useless.
At this point, victims are presented with a lock screen and instructions on how to connect to TOR, visit a specific website and pay the fee, which is 0.99 bitcoins, or around $430. If the ransom is not paid within seven days the price doubles.
The attackers, who call themselves ‘Janus Cybercrime Solutions,’ say that attempting to fix the master boot record won’t decrypt the ransomware, and may result in the purchased decryption key not working.
So far, emails containing the Petya links have been aimed primarily at companies in Germany, but they could start reaching beyond the country’s borders. Researchers are still investigating this new form of ransomware, but there’s still no fix available.

via New form of ransomware uses disk-level encryption to lock users out of their computers – TechSpot

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s