PETYA RANSOMWARE

ImageSource
PETYA _a whole new approach to mess things up !

PETYA is of a different from of ransomware. Instead of encrypting files one by one, it denies access to the full system and encrypts the whole hard drive all at once by tampering with the MBR and encrypting the MFT.

Petya writes the malicious code at the beginning of the disk. Then the affected system’s master boot record (MBR) is overwritten by the custom boot loader that loads a tiny malicious kernel. Then, this kernel proceeds with further encryption. The malware causes a system crash (Blue Screen of Death) and a system reboot.

This ransomware has targeted mostly business users, as it is distributed by emails pretending job applications. These email contains a link to DropBox to a file supposed to be resume. But actually contains an .exe file. Once the file gets clicked PETYA makes it’s way to the user’s PC.

Comments

Post a Comment

Popular posts from this blog

SATANA RANSOMWARE

Image
SATANA Trojan encrypts files and corrupts windows Master Boot Record (MBR) thus blocking the Windows boot process. SATANA behaves quite similarly like the notorious PetyaRansomware . Image Source To encrypt PC files, PETYA relies on the help of a tagalong Trojan called Mischa, while SATANA manages tasks on its own. Once the ransomware start running it disappears, and hides under a different name in the %TEMP% folder. Then after it will always prompt the user to download a malicious file until they click yes. Once the action starts, the malicious code will be written to the beginning of disk. After it installs and runs its malicious code, SATANA then waits for the computer to reboot. But the system won’t start instead it will show a screen with the ransom note, like most ransomware.
Read more

WANNACRY RANSOMWARE

Image
ImageSource WannaCry One of the most prolific attacks ! WannaCry is an ongoing ransomware cyber attack, that holds your computer hostage until the  demanded ransom is paid. This Crypto Worm started its attack on 2017 May 12, and was reported to infect more than 2,30,000  PC in more than 150 countries. The malware attacks vulnerable operating systems running older v ersions of windows. Hackers used cyber tools stolen from the US National Security Agency to strike the attack. WannaCry encrypts and scrambles all the data in the infected computer, then the malware pops up with a screen displaying the ransom note and demanding fee payable in **Crypto Currency (BitCoins). The malware has now evolved into a new worm EternalRock, which does not have the “kill switch” like that of WannaCry.
Read more