PETYA ransomware
Petya Ransomware skips the Files and Encrypts your Hard Drive Instead
Typically, when a user becomes infected by a crypto-ransomware, the infection targets and encrypts the files on the victim's hard drives. This leaves the operating system working properly, but with the user unable to open the encrypted documents. The Petya Ransomware takes it to the next level by encrypting portions of the hard drive itself that make it so you are unable to access anything on the drive, including Windows. At the time of this writing, the ransom payments are at ~.9 bitcoins and there is no way to decrypt your drive for free.
This ransomware is currently being distributed via emails that are targeting the human resources departments of German companies. These emails contain Dropbox links to supposed applications that download a file that when executed will install the Petya Ransomware on the computer. An example filename for the installer is Bewerbungsmappe-gepackt.exe.
It is important to note that there is a lot of bad information on the web about how to fix your computer when it has been encrypted by Petya. Many of these sites state that you can use the FixMBR command or repair your MBR to remove the infection. Though this will indeed remove the lock screen, it will not decrypt your MFT and thus your files and Windows will still be inaccessible. Only repair the MBR if you do not care about any lost data and want to reinstall Windows.
Back in January, there was another short-lived ransomware that was performing the same behavior, but was not as advanced. At that time, though, a sample was not able to be retrieved. It is unsure if Petya is a redesigned version of the previous one shown below.
Read more on BleepingComputer
Tip: disable automatic restart on your computer
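A read-only triage check for the point above about MBR repair, added here as an example and not taken from the post or the BleepingComputer article: given a raw disk image, it reports whether the MBR parses and whether the first `$MFT` record of each NTFS partition still carries its `FILE` signature. It assumes MBR (not GPT) partitioning and 512-byte sectors; `triage` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors, MBR (not GPT) partitioning

def triage(image: bytes) -> dict:
    """Check the MBR signature and the first $MFT record of each NTFS partition."""
    if len(image) < SECTOR:
        raise ValueError("image is smaller than one sector")
    mbr = image[:SECTOR]
    report = {"mbr_signature_ok": mbr[510:512] == b"\x55\xaa", "ntfs": []}
    for i in range(4):  # four 16-byte primary partition entries start at offset 446
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        lba_start = struct.unpack_from("<I", entry, 8)[0]
        if entry[4] != 0x07 or lba_start == 0:  # 0x07 = NTFS/exFAT partition type
            continue
        base = lba_start * SECTOR
        vbr = image[base: base + SECTOR]
        vbr_ok = len(vbr) == SECTOR and vbr[3:11] == b"NTFS    "
        info = {"lba_start": lba_start, "vbr_ok": vbr_ok, "mft_record_ok": False}
        if vbr_ok:
            # assumption: sectors-per-cluster is a plain count (clusters <= 64 KiB)
            bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", vbr, 0x0B)
            mft_lcn = struct.unpack_from("<Q", vbr, 0x30)[0]  # $MFT start cluster
            off = base + mft_lcn * bytes_per_sector * sectors_per_cluster
            info["mft_record_ok"] = image[off: off + 4] == b"FILE"
        report["ntfs"].append(info)
    return report

def build_sample(mft_magic: bytes = b"FILE") -> bytes:
    """Constructed 64-sector image: one NTFS partition at LBA 8, $MFT at cluster 4."""
    img = bytearray(64 * SECTOR)
    img[446 + 4] = 0x07                         # partition type
    struct.pack_into("<I", img, 446 + 8, 8)     # partition start LBA
    img[510:512] = b"\x55\xaa"                  # MBR boot signature
    base = 8 * SECTOR
    img[base + 3: base + 11] = b"NTFS    "      # NTFS OEM ID in the boot sector
    struct.pack_into("<HB", img, base + 0x0B, 512, 1)
    struct.pack_into("<Q", img, base + 0x30, 4)
    off = base + 4 * 512
    img[off: off + 4] = mft_magic               # first $MFT record signature
    return bytes(img)

if __name__ == "__main__":
    print("intact MFT:    ", triage(build_sample()))
    print("unreadable MFT:", triage(build_sample(b"\x9c\x11\xe0\x4a")))
```

A result with `mbr_signature_ok` true and `mft_record_ok` false is the state described above after an MBR-only repair: the disk has a valid boot record, but the file table is still not readable.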