Support for Ukraine



Blog Archive



Petya Ransomware Locks the Hard Drive

Full Story Blog Post Saturday, March 26, 2016 in Security   View No Comments No Comments
Security
A new form of ransomware is making the rounds and this new breed does more than just encrypt your files.

Petya ransomware encrypts entire hard drives, an unusual behavior compared to that of other malware families such as Locky, CryptoWall or TeslaCrypt, which encrypt individual files.

This form of ransomware is designed to infect companies rather than individuals. It is distributed via a Dropbox download link to an alleged job application portfolio, included in an email sent to human resources departments.

The payload is designed to crash the computer with a blue screen and then on a reboot the malware manipulates the Master Boot Record (MBR) in order to take over the reboot process.

In addition to informing users they have been compromised, the ransom note provides them with details on how they can obtain a decryption key and how they can pay for it.

You can see the operation of the malware in the below video: