Petya ransomware skips the files and encrypts your hard drive instead
(Publication) Google search: [1]
| Petya ransomware skips the files and encrypts your hard drive instead | |
|---|---|
| Botnet | Petya |
| Malware | |
| Botnet/malware group | Cryptolocker |
| Exploit kits | |
| Services | |
| Feature | Encrypt MFT |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2016 / 2016-03-25 |
| Editor/Conference | Bleeping Computer |
| Link | http://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/ (Archive copy) |
| Author | Lawrence Abrams |
| Type | Blogpost |
Abstract
“ This ransomware is currently being distributed via emails that are targeting the human resources departments of German companies. These emails contain dropbox links to supposed applications that download a file that when executed will install the Petya Ransomware on the computer. An example filename for the installer is Bewerbungsmappe-gepackt.exe.
It is important to note that there is a lot of bad information on the web about how how to fix your computer when it has been encrypted by Petya. Many of these sites state that you can use the FixMBR command or repair your MBR to remove the infection. Though this will indeed remove the lock screen, it will not decrypt your MFT and thus your files and Windows will still be inaccessible. Only repair the MBR if you do not care about any lost data and want to reinstall Windows.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2016BFR4913,
editor = {Bleeping Computer},
author = {Lawrence Abrams},
title = {Petya ransomware skips the files and encrypts your hard drive instead},
date = {25},
month = Mar,
year = {2016},
howpublished = {\url{http://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/}},
}