New MBR Infecting Ransomware 'Petya' Found In The Wild

GData and TrendMicro report that a new ransomware they refer to as 'Petya' is circulating in the wild, largely affecting German 'Human Resources' departments (archived 1, archived 2). Like other ransomware, Petya encrypts files on an infected machine, but it goes further than other ransomware by living in a computer's master boot record and presenting its demands through a DOS boot screen when the infected machine is powered on. In its present incarnation, Petya demands a 0.99 Bitcoin ransom, which doubles if its payment deadline is missed. If an affected user goes through the FBI-approved manner of recovering their files by paying the ransom, they would be well advised to physically destroy the disk and handle recovered files with care. This is because if anything was learned from the MBR-infecting rootkit Sony distributed on their music CDs, it is that people who care enough to put their malware in the MBR tend to make complete eradication of the malware a tremendous pain.
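
Because the infection described above lives in the master boot record, a defender can record a known-good copy of sector 0 and compare against it later. The following is an added example, not code from the original post or from either vendor; the function names and the sample sector are constructed for illustration, and it assumes a classic 512-byte MBR layout.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440        # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR sector into the parts worth monitoring."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i : TABLE_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[TABLE_OFFSET:510]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }

def diff_against_baseline(sector: bytes, baseline: dict) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("bootstrap code changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings

def make_sample_sector(code_byte: int) -> bytes:
    """Constructed sample: filler boot code plus one bootable NTFS (0x07) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return bytes([code_byte]) * TABLE_OFFSET + entry + b"\x00" * 48 + BOOT_SIG

if __name__ == "__main__":
    baseline = parse_mbr(make_sample_sector(0x90))   # recorded while known-good
    print(diff_against_baseline(make_sample_sector(0x90), baseline))
    print(diff_against_baseline(make_sample_sector(0xCC), baseline))
```

On a real machine the 512 bytes would be read from the raw disk device with administrative rights, ideally from trusted boot media, since code already running from the MBR can misreport what is on disk.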
