Petya GDATA Ransomware

Ransomware continues to grow despite efforts to warn users about this type of cybercrime, which encrypts files and systems until a user pays a fee to unlock them.

We have reported on several ransom attacks in recent weeks, including the first ever such attack on Apple’s OS X platform.

On Windows, ransomware is more common and a growing concern, and a new type of attack called Petya has been described by G DATA Software.

Petya encrypts a user’s hard drive, a twist on the ransomware idea that shuts down a whole hard drive instead of individual files.

This means that users infected by Petya will see their entire machines locked by the ransomware, starting from the operating system boot process. As is often the case with ransomware, the attack is distributed through an email message that claims to offer a job proposal.


While attacks of this kind usually have an infected attachment, Petya is distributed through a resume hosted on the Dropbox cloud service. Users think they are heading to the legitimate cloud destination to apply for the job offered, but instead the hyperlink leads to a Trojan horse that then plants the Petya ransomware on the system.

Once embedded into the system, the Petya Trojan horse gets to work and changes the master boot record of the OS, which in turn makes the system crash. When the machine is restarted, the boot will look like Microsoft’s Check Disk utility, but it will actually be Petya’s initiation process mimicking Microsoft’s service, allowing the ransomware to be installed.
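Because the infection described above rewrites the master boot record, a defender can compare the boot sector against a baseline captured while the machine was known to be clean. The following Python sketch is an added example, not code from G DATA or the original article; the function names are hypothetical and the sample sectors are constructed in memory rather than read from a real disk.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446          # bootstrap code area of a classic MBR
SIGNATURE = b"\x55\xaa"      # boot signature at offsets 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "valid_signature": sector[510:512] == SIGNATURE,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how the current sector differs from the baseline."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["valid_signature"]:
        findings.append("boot signature missing")
    if cur["code_sha256"] != base["code_sha256"]:
        findings.append("bootstrap code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample(code_byte: int) -> bytes:
    """Constructed test sector: filler boot code plus one NTFS-type partition entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes([code_byte]) * BOOT_CODE_LEN + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    clean = build_sample(0x90)
    print(compare_mbr(clean, clean), compare_mbr(clean, build_sample(0xCC)))
```

On a real machine the 512 bytes would come from the first sector of the raw disk device, which requires administrator rights, and the baseline should be stored off the machine being checked.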

With the installation process complete, a skull will appear, with just a single keystroke possible for a user to continue. The ransomware will explain that the machine is infected and that the user should pay a fee for a recovery key to unlock the data.

The obvious way to avoid Petya, or indeed most ransomware attacks, is to avoid opening attachments or links in emails from unknown sources.

SOURCE: G DATA