Petya: Don’t Fall for a ‘Business Email’
- Tags: Petya
Cybercriminals couldn’t have been any more crooked when they designed Petya Ransomware. While countless strains have already been developed in the Ransomware family, Petya is probably the most wicked one. Unlike other locker Ransomware, Petya overwrites the master boot record (MBR) and encrypts the master file table (MFT) so that files become unreadable. Petya Ransomware emerged at the beginning of this year and is still a menace for Windows users. It uses a binary (two-stage) encryption process, with the stages taking place one after another, which makes recovery hardly possible.
Like every other Ransomware variant, Petya arrives through spam emails. However, its executables are different and are likely to confuse an ordinary user. Crooks carefully deliver Petya via a so-called business email with a CV and photograph as attachments. In reality, this CV is a self-extracting executable file that contains a hyperlink connected with Dropbox. When a user clicks on the file, the Trojan is downloaded.
Once Petya is on a system, it writes its malicious code at the beginning of the disk. The system’s master boot record (MBR) is overwritten, causing Windows to crash into a BSOD. BSOD stands for Blue Screen of Death, an error often displayed on Windows computers when a system crashes. When the user boots the system (which the hackers deliberately prompt in order to continue the attack), Petya encrypts the master file table, making files unreadable.
Petya needs to execute a two-step process in order to complete the attack. Level one overwrites the MBR and prompts the user to boot Windows so that level two can be carried out. Level one on its own isn’t that perilous, as it doesn’t destroy data; if the system isn’t shut down, data recovery is likely possible.
However, the Petya attack becomes full-fledged when the system is booted. Now the Trojan encrypts the master file table (MFT), which changes the files’ state to unreadable. This becomes the perfect moment for criminals to welcome victims to the world of Ransomware. Petya now flashes a warning on the screen instead of a message. It gives a restricted time period to pay the ransom. Not paying the money in the stated time results in the ransom being doubled.
While an untold number of Ransomware strains have emerged, no sure fix has been produced for them yet. However, when it comes to Petya, you can actually keep the attack from escalating. It is recommended not to shut down the PC after the first attack; rather, you should mount the disk on another operating system and back up all files there. Thereafter, you should remove the virus with authentic anti-malware software and move your files back to your system.
Apart from this, you should also regularly back up your data with reliable software like Ransomware Protector. This will ensure there is no damage to your data and you don’t end up paying a ransom to the criminals.
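As an added example (not part of the original article or any vendor tool), the Python sketch below compares a disk’s first sector against a previously saved known-good copy, one way to confirm from a second operating system whether the MBR was overwritten. The saved baseline, the function names and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # bootstrap code area of a classic MBR
SIGNATURE = b"\x55\xaa"    # boot signature at offsets 510-511
ENTRY = "<B3xB3xII"        # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def read_first_sector(path):
    """Read sector 0 from a disk image (or raw device, given sufficient privileges)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)

def parse_mbr(sector):
    """Return boot-code hash, non-empty partition entries and signature status."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba, count))
    return {
        "boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:] == SIGNATURE,
    }

def compare_to_baseline(baseline, current):
    """List what differs between a saved known-good sector 0 and the current one."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["boot_sha256"] != new["boot_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    if not new["signature_ok"]:
        findings.append("boot signature missing")
    return findings

def make_sample(boot_code):
    """Constructed sector: given boot code plus one bootable type-0x07 partition at LBA 2048."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    good = make_sample(b"\xfa\x33\xc0")       # constructed baseline sector
    changed = make_sample(b"\x90" * 64)       # constructed sector with different boot code
    print(compare_to_baseline(good, good))
    print(compare_to_baseline(good, changed))
```

The baseline has to be captured while the machine is known to be clean and stored off the disk it describes.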