A new ransomware is able to take root in the MBR system and prevent it from starting. To protect themselves simply run the usual procedures.
We have said many times, the ransomware are probably the moment of malware. The reason is simple: a ransomware asks for a ransom of files taken hostage on the system, and probably represents the type of malicious software that provides the attacker gain a simpler and straightforward as possible. Once it takes root on the machine blocks some of the hard-disk data and asks for a ransom to ” liberate ” the key that is used for decoding of the same.
Lawrence Abrams of BleepingComputer has analyzed a new ransomware in circulation, known with the name of Petya. Its peculiarity is that it targets the entire drive boot the system with encryption and protects the MFT, the Master File Table, or the place of a disk formatted as NTFS in which all the information of each file or folder are recorded. Until now, Petya was delivered mainly to German agencies via e-mail through Dropbox links.
It is targeted especially the human-resource departments, whose employees are driven to the execution of the software. If you launch the Windows executable attachment warns of the potential hazard, but if the user proceeds with the installation Petya creeps into the MBR (Master Boot Record) of the computer, the system is restarted by running a fake CHKDSK of Windows, with the message: ” One of your disks contains errors and needs to be repaired. ”
Completed the sham operation, the software displays a screen depicting a skull in ASCII characters announcing that the user has become ” a victim of ransomware Petya “. Do not miss the usual information on the procedures to restore normal disk usage through some hidden services of the Tor network. In the case shown by Abrams attackers they had demanded about 0.9 Bitcoin, about €330 at current exchange rates, for the restoration of the system.
As reported by Abrams the only way to regain the hard-disk data would be to pay the assailants, though many sites claim that Petya can also be position following his installation correcting mistakes made in the MBR: ” This removes the lock screen, ” does note Abrams. ” But not decipher the MFT and your files and the Windows installation will remain inaccessible. The repair of the MBR is only useful if you do not care to recover lost files, and you are willing to reinstall Windows. ”
According to Fabian Scherschell of Heise Security encryption performed by Petya in its first stage is actually simply circumvented. If taken at this stage, the data can be easily recovered by booting the system from a different storage device. UEFI also Petya can simply damage to boot information, making it impossible to start the car but failing to decrypt any content stored in its local drive.