There's a new ransomware floating around that is mainly targeting business users — predominantly in HR departments — and prefers to encrypt hard drives in one go instead of targeting individual files. Here's what you need to know.
The Petya ransomware arrives in an email posing as a job application, with a link to a Dropbox file that claims to be a resume document but is, instead, an .exe file. When the victim tries to open the file, the PC crashes with a blue screen of death and the malware then goes on to encrypt the hard drive.
According to security vendor Kaspersky Lab, unlike other ransomware that encrypts certain file types like pictures and office documents while leaving the operating system untouched, Petya works to block access to the entire hard drive.
This is what Kaspersky Lab researchers had to say about Petya:
"In a nutshell, no matter how your hard drive is organised, whether there is only one partition or more, there’s always some disk space invisible for you called Master Boot Record (MBR). It contains all the data on the number and organisation of partitions, and it also contains a special code used to start booting the OS — it’s called boot loader. This boot loader always runs BEFORE the operating system. And this is exactly what Petya infects: it modifies boot loader so that it loads Petya’s malicious code instead of any operating system installed on the PC."
There is currently no way of decrypting data that falls victim to Petya, but Dropbox is already working on removing the malicious archives containing the malware from its cloud storage so attackers can't use the service anymore. Having said that, it won't be long before attackers figure out another way of delivering Petya, so it's advised that users be extra cautious when it comes to receiving emails from senders they are unfamiliar with.
You can find out the full details of how Petya works over at the Kaspersky Lab blog.
[Via Kaspersky Lab blog]