Petronella Blog Archive


Petya, a New Form of Ransomware


We’ve got a new wrinkle in ransomware that has just been detected. This new version takes over the computer at startup and, instead of showing the Windows logo, flashes a red and white skull and crossbones.

Petya, as Trend Micro’s security team called it, doesn’t encrypt files the way typical ransomware does. Instead, it causes the dreaded blue screen of death, then puts up a ransom note before the operating system even starts up. It doesn’t actually encrypt the hard drive, but instead overwrites the Master Boot Record (MBR).

This new batch of malware appears to have been spread through emails containing Dropbox links, sent to the Human Resources departments of companies. The emails claim to link to a resume, but the link instead directs the victim to an executable file. When it is opened, the computer crashes, reboots, and gives the appearance of performing a disk analysis, but it is actually locking the user out of their hard drive.

After the disk analysis, a skull and crossbones is displayed with a message demanding .99 Bitcoin, or around $412, which doubles in a week. Though the files aren’t technically encrypted, the end result is the same, and the overwritten Master Boot Record keeps the computer from running in safe mode. So far, it’s not entirely clear whether it’s possible to restore the MBR and gain access to the hard drive.
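Because the change described above is made to the MBR rather than to files, one check a defender can run is to compare the disk's first sector against a copy saved while the machine was healthy. The following is an added example, not part of the original post: the function names are hypothetical and the sample sectors are constructed, assuming a classic 512-byte MBR layout.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446           # bytes 0..445: boot code
TABLE_END = 510               # bytes 446..509: four partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_partitions(mbr):
    """Decode the four 16-byte primary partition entries for reporting."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(mbr, BOOT_CODE_END + 16 * i)
        entries.append({"active": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def compare_mbr(baseline, current):
    """Return a list of differences between a known-good MBR and the current one."""
    for name, blob in (("baseline", baseline), ("current", current)):
        if len(blob) != SECTOR_SIZE:
            raise ValueError(f"{name} image must be exactly {SECTOR_SIZE} bytes")
    findings = []
    if current[TABLE_END:] != BOOT_SIGNATURE:
        findings.append("boot signature 55 AA missing")
    if current[:BOOT_CODE_END] != baseline[:BOOT_CODE_END]:
        findings.append("boot code changed")
    if current[BOOT_CODE_END:TABLE_END] != baseline[BOOT_CODE_END:TABLE_END]:
        findings.append("partition table changed")
    return findings


def make_sample_mbr(boot_fill):
    """Constructed sample sector: filler boot code, one active type-0x07 partition."""
    table = ENTRY.pack(0x80, 0x07, 2048, 204800) + bytes(48)
    return bytes([boot_fill]) * BOOT_CODE_END + table + BOOT_SIGNATURE


GOOD = make_sample_mbr(0x90)         # constructed baseline
OVERWRITTEN = make_sample_mbr(0xCC)  # constructed: same table, different boot code

if __name__ == "__main__":
    print("baseline partition 0:", parse_partitions(GOOD)[0])
    print("unchanged:", compare_mbr(GOOD, GOOD))
    print("overwritten:", compare_mbr(GOOD, OVERWRITTEN))
    print("zeroed:", compare_mbr(GOOD, bytes(SECTOR_SIZE)))
```

The comparison only works if the baseline copy is stored off the machine it describes, since a sector saved on the same disk is lost along with access to the drive.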

To better protect yourself from being taken advantage of by all types of ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10-minute Ransomware Safety Review.