Petya has recently become known as that nasty piece of ransomware that not only encrypts your files and holds them hostage in exchange for bitcoins, but also tampers with the boot process along the way. This makes it harder for victims to operate their computers, pressuring them even further to pay up.
In order for Petya to activate, a user must first grant the program administrator rights through the UAC security feature. If the user rejects the request, the infection process is terminated. However, the developers behind Petya have recently worked around this, releasing a new type of ransomware that still runs even if the user denies the program access to the computer.
Called 'Mischa,' the ransomware acts as a fallback if the user stops the Petya infection on a computer. "Unlike Petya, the Mischa Ransomware is your standard garden variety ransomware that encrypts your files and then demands a ransom payment to get the decryption key," according to Lawrence Abrams, founder of BleepingComputer.com.
As usual, the malware is distributed via emails that look like job applications. The email leads the user to a cloud storage service, from which a file with a name such as 'PDFBewerbungsmappe.exe' is downloaded. The file's icon is also changed to a PDF image to make it look like the file really is a PDF.
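A defender's view of the lure described above, as an added example that is not from the original article or from Bleeping Computer: a Python triage check that flags files named like documents but executable by extension or by content. The extension list, the keyword pattern and every sample other than the 'PDFBewerbungsmappe.exe' name are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed lists for this example; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
DOC_TOKENS = re.compile(r"pdf|docx?|xlsx?|rtf", re.IGNORECASE)


def is_pe(header: bytes) -> bool:
    """True if the content starts with the 'MZ' magic of a Windows executable."""
    return header[:2] == b"MZ"


def classify(filename: str, header: bytes) -> str:
    """Triage one downloaded or attached file by its name and leading bytes."""
    path = PureWindowsPath(filename)
    ext = path.suffix.lower()
    if ext in EXECUTABLE_EXTS and DOC_TOKENS.search(path.stem):
        # Covers 'PDFBewerbungsmappe.exe' and double extensions like 'cv.pdf.exe'.
        return "alert: executable named like a document"
    if is_pe(header) and ext not in EXECUTABLE_EXTS:
        # The name claims a document but the content is a program.
        return "alert: executable content behind a non-executable extension"
    if ext in EXECUTABLE_EXTS:
        return "review: executable delivered to a user"
    return "ok"


# Constructed sample input: (file name, first bytes of the file).
SAMPLES = [
    ("PDFBewerbungsmappe.exe", b"MZ\x90\x00"),
    ("Lebenslauf.pdf.exe", b"MZ\x90\x00"),
    ("Lebenslauf.pdf", b"%PDF-1.4"),
    ("Anschreiben.pdf", b"MZ\x90\x00"),
    ("setup.exe", b"MZ\x90\x00"),
]


def triage(samples):
    """Return {file name: verdict} for a list of (name, header) pairs."""
    return {name: classify(name, header) for name, header in samples}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:62} {name}")
```

The name heuristic is deliberately broad and will also flag legitimate installers whose names contain a document keyword, so treat its alerts as a prompt for review rather than a verdict.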
Once the file is opened, Windows' UAC feature will ask the user whether they want to grant the program privileges to make changes to the computer. If the user clicks 'Yes,' the Petya ransomware will kick in. However, if the user clicks 'No,' Mischa will run instead, as it does not require administrative privileges, unlike Petya, which goes on to modify important computer files.
While ransomware already targets a lot of file extensions to render a computer useless, Mischa goes the extra mile and even encrypts .exe files, taking away the user's ability to launch executable files.
Mischa demands 1.93 BTC, equal to $875, in order to decrypt a victim's computer.
At the moment, there are no known methods to work around the ransomware, and whether any will emerge remains to be seen, as these kinds of software are each programmed differently, prompting many to just pay up and hope that their computer will return to normal.
Source and Images via Bleeping Computer