The new ransomware can encrypt an entire hard drive and skip your files
Cybercriminals have released yet another strain of ransomware which can completely lock down an operating system, rendering the whole system useless.
Ransomware can wreck an irredeemable havoc on any system it attacks. When it attacks a system, it locks down the entire system, and then demands a ransom payment in the form of crypto currency, before a user will be granted access again.
If payment isn’t made within the stipulated period of time and no decrypting solution is available, victims are at the risk of losing access to their system for good.
Petya, a ransomware variant which unlike other ransomwares does more than locking up files; it completely locks an operating system, eliminating access to the hard drives of the system.
Lawrence Abrams, a researcher at Bleeping Computer has made it known that HR departments of some German companies have come under the attack of ransomware. The malicious malware is sent in the form of phishing emails which contain Dropbox links which when clicked on executes Petya on the system.
Once the malware has been installed, a malicious loader which replaces the master boot record (MBR) will force the system to reboot. When this happens, the malicious code will be loaded on the operating system. This will be followed by a screen which looks like the system’s tool check disk (CHKDSK), pretending to be a scan. As the fake scan runs, Petya will encrypt the Master File Table (MFT).
It will then become impossible for the computer to accurately tell where the files are located, or even know that they exist once the MFT has been corrupted.
Once the system has been completely locked, a screen demanding for payments in Bitcoin will appear. The user will then be given directions on how to make payments.
View how Petya encrypts drive in the video here:
Before the system will be unlocked, the victim must use his or her unique ID.
As it stands now, no solution has been found for this problem yet, as ransom payment falls somewhere around 0.9 BTC ($370). Any attempt to fix up the Master Boot record using the “FixMBR” command will end in futility as Window’s files remain inaccessible.
Repairing MBR can only be used as a solution if a user is ready to lose his or her files as it will require reinstallation of Windows.
But there seems to be light at the end of the tunnel. Security professionals have been working to come up with solutions.