Petya ransomware reportedly encrypts hard drives, manipulates operating system boot process



Ransomware - malicious software used by cybercriminals to hold a user"s data for ransom by encrypting it until a payment is made - has become an increasingly prevalent threat to security. Earlier this month, the first type of ransomware to target Apple"s OS X operating system was discovered and in the following week, a malvertising campaign had distributed ransomware to unsuspecting users on the Internet.

Now a new type of ransomware, dubbed Petya, has been discovered that encrypts a user"s hard drive - instead of individual files - during an operating system"s boot process.

Petya is distributed via an email message that claims to be from someone seeking to be hired by a company; however, the message itself does not include any email attachments for a potential victim to download. Instead, it includes a hyperlink to a Trojan Horse masquerading as a résumé hosted by the legitimate cloud storage service Dropbox.



Once a user executes this Trojan Horse, Petya modifies the operating system"s master boot record (MBR) and causes it to crash. A user who restarts the affected machine will be presented with a screen that masquerades as Microsoft"s CHKDSK utility (shown above) that initiates Petya"s encryption process, in spite of the claim that disk errors are being repaired.



After Petya has completed the encryption process, a skull will appear on a rapidly flashing screen that instructs the victim to press a key to continue.



Petya will then inform the victim of what has occurred after the operating system crash and - like all ransomware - attempt to convince its victim into purchasing a recovery key to unlock the encrypted data.

In spite of Petya"s seriousness, video evidence suggests that it can be thwarted if a user is not operating with an administrator account. Users can also take measures to protect themselves by refusing to click on links in email messages from unknown sources and by keeping anti-malware software up-to-date.

Source: G DATA Software AG | Images: G DATA Software AG | Thanks to Thomas the Tank Engine from the forums!

Report a problem with article
Next Article

Microsoft publishes full list of keynotes and sessions for Build 2016 developer conference

Previous Article

This Weekend's PC Game Deals: Spring sales abound