PETYA RANSOMWARE
PETYA: a whole new approach to mess things up!
PETYA is a different form of ransomware. Instead of encrypting files one by one, it denies access to the whole system and encrypts the entire hard drive at once by tampering with the MBR and encrypting the master file table (MFT).
Petya writes the malicious code at the beginning of the disk. Then the affected system’s master boot record (MBR) is overwritten by the custom boot loader that loads a tiny malicious kernel. Then, this kernel proceeds with further encryption. The malware causes a system crash (Blue Screen of Death) and a system reboot.
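Because the attack depends on replacing the boot code in sector 0, a defender can catch it by comparing the MBR against a baseline recorded while the system was clean. The following is an added example, not code from the original post; the function names and the sample sectors are constructed for illustration and assume a classic MBR-partitioned disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a modern MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # expected at offsets 510-511

def parse_mbr(sector: bytes) -> dict:
    """Summarise the parts of sector 0 that a boot-loader overwrite would change."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype:  # type 0x00 marks an unused entry
            partitions.append((i, status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }

def diff_against_baseline(baseline: dict, current: dict) -> list:
    """Return findings; an empty list means sector 0 matches the baseline."""
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    return findings

def make_sector(boot_code: bytes, entry: bytes) -> bytes:
    """Build a constructed 512-byte sector for the demo (not real disk data)."""
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry.ljust(64, b"\x00")
    return body + BOOT_SIG

# Constructed sample: one bootable NTFS (type 0x07) partition starting at LBA 2048.
ENTRY = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
BASELINE = parse_mbr(make_sector(b"\xfa\x33\xc0" + b"\x90" * 100, ENTRY))
TAMPERED = parse_mbr(make_sector(b"\xeb\xfe" + b"\xcc" * 200, ENTRY))

if __name__ == "__main__":
    print(diff_against_baseline(BASELINE, TAMPERED))
```

On a real machine the 512 bytes would be read from the raw disk device with administrative rights, and the baseline stored somewhere the monitored host cannot modify.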
This ransomware has mostly targeted business users, as it is distributed through emails that pretend to be job applications. These emails contain a Dropbox link to a file that is supposed to be a résumé but is actually an .exe file. Once the file is clicked, PETYA makes its way onto the user’s PC.