Petya Ransomware

The latest ransomware to plague German companies is a malware program called Petya, which overwrites the master boot record (MBR) of infected computers, leaving the operating system in an unbootable state.

Typically the master boot record code is stored in the first sectors of a hard disk drive. This code contains information about the disk’s partitions and enables the launching of the operating system’s boot loader. Without the MBR, the computer doesn’t recognize which partition contains the OS and how to start it.


Why is Petya ransomware different?

Petya is being distributed through spam emails that are camouflaged as job applications, suggesting that the ransomware targets businesses, particularly human resources departments.

Petya emails can be recognized by the included link to a shared Dropbox folder that contains a self-extracting archive posing as the applicant’s CV and a fake photograph. If the archive is downloaded and executed, the ransomware is installed. To be safe, delete any job applications that contain links to Dropbox.

The Petya malware will rewrite the computer’s MBR and trigger a critical Windows error that will cause the computer to reboot.

After the initial reboot, a fake Windows check disk operation is displayed. During this step, the ransomware encrypts the master file table (MFT). The MFT holds an entry for every other file on the volume and records which hard disk segments each file is mapped to.

After the MFT encryption is done, Petya will display the ransom message accompanied by a skull drawn in ASCII characters. The message instructs victims to access a decryption site on the Tor anonymity network and provides them with a unique code that identifies their PC.
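Because Petya replaces the first sector described above, a defender can catch the tampering by comparing that sector against a known-good copy. The following is an added example, not code from the original post: it parses a 512-byte MBR (boot code, four partition entries, 0x55AA signature) and reports anything that differs from a recorded baseline hash of the boot code. The sample sectors are constructed for the demo, not taken from a real disk.

```python
import hashlib
import struct

SECTOR = 512  # an MBR occupies the first 512-byte sector of the disk


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition entries and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        # 16-byte entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == b"\x55\xAA",
    }


def check_mbr(sector: bytes, baseline_hash: str) -> list:
    """Return findings a backup agent or triage script should alert on."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_hash:
        findings.append("boot code differs from recorded baseline")
    if not info["partitions"]:
        findings.append("partition table is empty")
    elif not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged bootable")
    return findings


def build_mbr(boot_code: bytes, entry: bytes) -> bytes:
    """Assemble a constructed MBR image for the demo (hypothetical, not a real disk)."""
    return boot_code.ljust(446, b"\x00") + entry.ljust(64, b"\x00") + b"\x55\xAA"


# Constructed sample data: a known-good MBR and a copy whose boot code was overwritten.
GOOD_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"  # stand-in for legitimate loader bytes
ENTRY = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)  # one active NTFS partition
GOOD_MBR = build_mbr(GOOD_BOOT, ENTRY)
BASELINE = hashlib.sha256(GOOD_MBR[:446]).hexdigest()  # record this when the machine is healthy
TAMPERED_MBR = build_mbr(b"\xEB\x3C\x90" + b"\x41" * 100, ENTRY)  # foreign boot code, same partitions

if __name__ == "__main__":
    print("healthy :", check_mbr(GOOD_MBR, BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

On a live system the 512 bytes would come from the physical drive (or a forensic image) rather than from the constructed samples.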

The ransom for the key to decrypt the master file table is currently set at 0.99 bitcoins, approximately $430.

Currently the Petya ransomware seems to be targeting companies in Germany, but the likelihood of it remaining localized is low; most ransomware attacks begin in one country or region and grow to a global scale as the attacker’s resources grow.


Retrieving data without the ransom

It is important to note that while Petya does not encrypt the file data, it holds it hostage by making the computer unable to locate the data. The file data can still be read with data recovery software, but rebuilding the files would take a long time and they could be corrupted, especially in the case of fragmented files that are spread across different storage blocks in different regions of the disk.


Protecting against Petya & other ransomware

Ransomware can be notoriously difficult to detect until it is too late; some strains even manage to fool sandboxes. The best way to protect your business data against ransomware is to back up and protect the data on all user computers. This ensures that data is retrievable after an attack and, because the backups are encrypted, that it is not leaked and cannot be held to ransom. Cibecs does this automatically, so IT does not need to worry about users missing backup schedules. Total control stays in IT’s hands through the central dashboard, which allows monitoring as well as management of user data, such as restoring data, revoking encryption key access and remotely wiping computers.
