Could any of us have imagined how many variants a single family of malware would spawn? That is exactly what is happening with the latest kind of malware: ransomware. Before we can understand and take protective measures against one ransomware strain, another is already waiting in the queue. This time it is Petya ransomware.
We cannot really call it the latest ransomware, since reports of Petya started appearing a month ago. It is another, even more severe, kind of ransomware, which infects a computer through a so-called business email. Cybercriminals have chosen a malicious yet smarter way to infect computers with ransomware.
Petya’s Route to the Computers
- Petya spreads through email. The victim receives a malicious so-called business email, which mentions an applicant seeking a job in the organization.
- The mail contains two files: a CV, which is in fact a self-extracting executable, and the applicant's photo. The photo is usually a random one, taken without the photographer's prior permission.
- It uses a Dropbox storage location to deliver the payload: the mail directs the victim to download the CV through a hyperlink pointing to Dropbox.
- Once the victim runs the file, it overwrites the master boot record (MBR) of the hard drive, causing Windows to crash.
- As soon as the user tries to reboot, the system boots from the modified MBR, which locks the user out of the system.
- This is the moment Petya welcomes the victim to the world of ransomware with a skull on the screen. It demands a ransom within a given time, usually in Bitcoin, using Tor as its medium.
- All instructions are displayed on the screen, with a warning to pay the ransom within the given time period in order to decrypt the files. Failing to do so doubles the ransom amount.
Levels of Petya Infections
Petya has two main levels of infection.
First Level of Infection
In the beginning, an executable file is dropped on the system. This file overwrites the disk and keeps an XOR-encrypted backup of the original data. Finally, Windows crashes with a BSOD.
At this level of infection, Petya overwrites only the beginning of the disk, which makes it easier to save the rest of the data. The file system is not destroyed and data recovery is possible. Rebooting the system is not recommended at this point, since that completely locks the user out of the data.
Instead of rebooting, make a disk dump, then mount the disk on another operating system and back up all files.
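The first-level situation described above (sector 0 overwritten, the original data kept as an XOR-encrypted copy, a disk dump taken before any reboot) can be triaged with a script like the following added example, which is not part of the original post: it checks whether sector 0 of a dump is still a valid MBR and, if not, brute-forces a single-byte XOR key over the following sectors to locate and recover the original. The sample image, the key 0x5A and the backup sector 7 are constructed here for illustration and are not Petya's real values.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"

def looks_like_mbr(sector: bytes) -> bool:
    """Boot signature 0x55AA at offset 510, every partition-entry status byte
    0x00 or 0x80, and at least one non-empty partition type."""
    if len(sector) != SECTOR or sector[510:512] != BOOT_SIG:
        return False
    entries = [sector[0x1BE + 16 * i:0x1BE + 16 * (i + 1)] for i in range(4)]
    return all(e[0] in (0x00, 0x80) for e in entries) and any(e[4] for e in entries)

def find_xor_backup(image: bytes, max_sectors: int = 64):
    """Try every single-byte XOR key on each early sector after sector 0;
    return (sector_index, key, recovered_mbr) for the first plausible hit."""
    for idx in range(1, min(max_sectors, len(image) // SECTOR)):
        sec = image[idx * SECTOR:(idx + 1) * SECTOR]
        for key in range(256):
            cand = bytes(b ^ key for b in sec)
            if looks_like_mbr(cand):
                return idx, key, cand
    return None

def triage(image: bytes) -> dict:
    """Report whether sector 0 is still a valid MBR and, if not, whether a
    single-byte-XOR copy of one can be found in the following sectors."""
    if looks_like_mbr(image[:SECTOR]):
        return {"mbr_ok": True, "backup": None}
    return {"mbr_ok": False, "backup": find_xor_backup(image)}

def build_sample_image(key: int = 0x5A, backup_sector: int = 7):
    """Constructed sample (not real Petya data): an original MBR with one
    active partition entry, sector 0 overwritten, XOR'd copy in a later sector."""
    original = bytearray(SECTOR)
    original[0x1BE] = 0x80                       # active (bootable) flag
    original[0x1BE + 4] = 0x07                   # NTFS/exFAT partition type id
    original[0x1BE + 8:0x1BE + 16] = struct.pack("<II", 2048, 1 << 20)  # LBA start, length
    original[510:512] = BOOT_SIG
    image = bytearray(SECTOR * 16)
    image[:SECTOR] = b"\x90" * SECTOR            # sector 0 overwritten, no signature left
    image[backup_sector * SECTOR:(backup_sector + 1) * SECTOR] = bytes(b ^ key for b in original)
    return bytes(image), bytes(original)

if __name__ == "__main__":
    img, orig = build_sample_image()
    print(triage(img))
```

On a real dump the same triage is run over the raw image file; a result with a recovered MBR is the starting point for mounting the partitions from another operating system, as recommended above.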
Second Level of Infection
This level comes into play when the victim reboots the system. A fake CHKDSK scan runs and destroys the file system, leaving the files unreadable. However, it is reported that even at this level the entire disk is not encrypted: some areas of the disk, and some files, still contain valid data.
Ways to Protect from Petya Ransomware
Petya is considered the cruelest of all ransomware since it not only encrypts data but also overwrites it. It is imperative to safeguard against all such threats.
First, do not reboot the system when it is infected with Petya. This only intensifies the attack and leaves the victim more exposed. Instead, follow the process described above (take a disk dump and mount it elsewhere) and avoid reaching the second stage of infection.
Secondly, it is important to be proactive against ransomware. Some measures for this are listed below:
- Install a reliable antivirus on the system. You can rely on Advanced System Protector for this.
- Do not download spam attachments onto your system. Look carefully at email and other links in your browser before clicking on them.
- Back up your data to external storage. A USB storage device or cloud storage are the best alternatives for this. To back up all your data safely, rely on an application like Right Backup Anywhere.
Right Backup Anywhere gives you easy access to saving data in the cloud and later viewing, downloading and sharing it. You can access the app anytime from anywhere. Get the app to enjoy its features!