Petya ransomware skips the files and encrypts your hard drive instead

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Petya ransomware skips the files and encrypts your hard drive instead
Botnet Petya
Malware
Botnet/malware group Cryptolocker
Exploit kits
Services
Feature Encrypt MFT
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2016 / 2016-03-25
Editor/Conference Bleeping Computer
Link http://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/ (Archive copy)
Author Lawrence Abrams
Type Blogpost

Abstract

This ransomware is currently being distributed via emails that are targeting the human resources departments of German companies. These emails contain dropbox links to supposed applications that download a file that when executed will install the Petya Ransomware on the computer. An example filename for the installer is Bewerbungsmappe-gepackt.exe.

It is important to note that there is a lot of bad information on the web about how how to fix your computer when it has been encrypted by Petya. Many of these sites state that you can use the FixMBR command or repair your MBR to remove the infection. Though this will indeed remove the lock screen, it will not decrypt your MFT and thus your files and Windows will still be inaccessible. Only repair the MBR if you do not care about any lost data and want to reinstall Windows.

Bibtex

 @misc{Abrams2016BFR4913,
   editor = {Bleeping Computer},
   author = {Lawrence Abrams},
   title = {Petya ransomware skips the files and encrypts your hard drive instead},
   date = {25},
   month = Mar,
   year = {2016},
   howpublished = {\url{http://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/}},
 }