PETYA ransomware targets enterprise users via the cloud and overwrites MBRs

5 Comments

petya_ransomware

Crypto-ransomware is the malware du jour, and the likes of TelsaCrypt 4 and KeRanger are just some of the names to hit the headlines recently. One of the latest examples of ransomware, PETYA, is taking a slightly different and more worrying approach -- it not only targets enterprise users, but also encrypts entire hard drives rather than just a selection of files.

PETYA -- also known as RANSOM_PETYA.A -- goes to some lengths to make sure that victims know that their computers are infected, overwriting the MBR (Master Boot Record) to display a ransom note during the boot process. The malware uses a "military grade encryption algorithm" to lock users out of their files, and victims are directed to venture onto the dark web using the Tor browser to make a Bitcoin ransom payment.

Security experts at Trend Micro have shard details of PETYA, highlighting the eye-catching skull and crossbones warnings that victims are faced with. The ransomware is spread using a combination of email and the cloud, targeting enterprise users by emailing fake job applications to targets. The victim is encouraged to click a link to download a file from Dropbox -- this is an executable which installs PETYA and causes a BSoD.

Once infection has taken place, the victim is completely locked out of their computer thanks to the fact that the MBR has been overwritten. As Trend Micro points out, the attack vector means that booting into safe mode is not possible meaning users are left with a choice between paying the ransom or losing access to their files -- although, presumably, enterprise users will have backups in place.

The ransom price starts at 0.99 Bitcoins (around $431), but a countdown timer on the Onion site used to accept payment warns that unless money is handed over quickly, the price will go up. This scare tactic is used to encourage victims to cough up the cash.

With no removal tool available, the advice is -- once again -- to take care when opening attachments or following links.

5 Comments

5 Responses to PETYA ransomware targets enterprise users via the cloud and overwrites MBRs

Got News? Contact Us

Recent Headlines

Apple AirPlay comes to IHG Hotels and Resorts

Millennials are key targets for phishing

Get 'Applied Machine Learning and AI for Engineers' (worth $67.99) for FREE

Best Windows apps this week

The dynamics of modern Windows device management [Q&A]

Netflix says it will no longer share details of subscriber numbers

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

61 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

10 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.