Petya another large scale ransomware attack is making chaos worldwide, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins.
Apart from this, many victims have also informed that Petya ransomware has also infected their patch systems.
“Petya uses the NSA Eternal Blue exploit but also spreads in internal networks with WMIC and PSEXEC. That’s why patched systems can get hit.”
Petya is a nasty piece of ransomware and works very differently from any other ransomware malware. Unlike other traditional ransomware, Petya does not encrypt files on a targeted system one by one.
Instead, Petya reboots victims computers and encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.
Petya ransomware replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.
Prevent Infection & Petya Kill-Switch
Researcher finds Petya ransomware encrypt systems after rebooting the computer. So if your system is infected with Petya ransomware and it tries to restart, just do not power it back on.
“If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine.” HackerFantastic tweeted. “Use a LiveCD or external machine to recover files”.
Source: thehackernews.com