Cyber-criminals are reverting to tactics from the playbook of yore to extort money from a new generation of victims. Older iterations of ransomware typically fell into the ‘device lockers’ category, recently crypto-ransomware such as Cryptolocker and Locky have proven to be successful by encrypting particular files and folders. Petya is a departure from the current trends in that the entire hard drive is compromised by malware instead of a few specific files.
Petya is distributed via email, one tailored to read like a business related message from a job applicant. The email provides a link to the fake applicant’s CV, usually a legitimate cloud storage service such as box.com or Dropbox.
On clicking the link the recipient is confronted with two files – one a self-extracting executable Trojan file masquerading as the applicant’s CV, the other a photo of the alleged applicant. Said Trojan blinds the most popular antivirus programs and before it downloads and executes Petya ransomware.
Petya overwrites the entire hard drive (including the MBR) crashes the operating system, causing the dreaded BsoD (blue screen of death) to appear at start up. Victims will find that they cannot boot their machines into safe mode, rather the start up screen will display a ransom demand requesting that the victim make payment (in bitcoin) or forever lose access to the hard drive.
Readers are advised to be wary of links from unsolicited emails and to be avoid downloading files from unknown sources. Additionally keep firewalls and anti-virus software up to date. In case of emergency, readers should make a back up of their most important files on an external hard drive.
0 comments:
Post a Comment