

Name Petya
Type Locker Ransomware
Short Description Unlike most other ransomware, this type denies access to the entire system rather than to individual files. The malware authors wrote their own boot loader and a small kernel, which is thirty-two sectors long.

When the executable runs, it shows a UAC (User Account Control) pop-up, as shown below.

[Image: petya1 1 - UAC pop-up shown when the executable runs]

Once this pop-up is accepted, the system crashes and attempts to restart.

Distribution Method This ransomware is distributed via scam e-mails posing as job applications. The e-mail contains a Dropbox link that hosts the malicious ZIP file. It is also delivered through malicious websites hosting Petya via the Hunter exploit kit.

[Image: petya1 2]

[Image: petya1 3]

More Details

This type of ransomware overwrites the Master Boot Record of the disk and then displays a Blue Screen of Death. Shown below is the website presented to infected users, which instructs them to pay in bitcoins.

[Image: petya1 4 - payment website shown to infected users]
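Because the locker described above replaces the MBR boot code and stores its own small kernel in the sectors that follow, a defender doing disk forensics wants a quick way to check whether the first sector still matches a trusted baseline and whether the normally unused sectors between the MBR and the first partition now hold code. The following is an added example, not code from the original page or from the malware's authors: it parses the 512-byte MBR (boot code, four partition entries, 0x55AA signature), compares the boot code hash against a known-good value, and flags non-empty sectors in the gap before the first partition. The disk image and the "known-good" hash are constructed inline for the demonstration; the 32-sector gap scan size follows the kernel length stated on the page.

```python
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = 0xAA55  # bytes 0x55 0xAA at offset 510, read little-endian


def parse_mbr(sector: bytes) -> dict:
    """Parse a classic MBR: 446 bytes boot code, 4 x 16-byte partition entries, 2-byte signature."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    boot_code = sector[:446]
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    signature = struct.unpack_from("<H", sector, 510)[0]
    return {"boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "partitions": partitions,
            "signature_ok": signature == MBR_SIGNATURE}


def gap_sectors_in_use(disk: bytes, first_partition_lba: int, limit: int = 33) -> list:
    """LBAs of non-zero sectors between the MBR and the first partition (scan at most `limit` sectors)."""
    used = []
    for lba in range(1, min(first_partition_lba, limit + 1)):
        if any(disk[lba * SECTOR:(lba + 1) * SECTOR]):
            used.append(lba)
    return used


def assess(disk: bytes, known_good_boot_hash: str) -> dict:
    """Combine the checks into a list of findings; an empty list means nothing suspicious."""
    mbr = parse_mbr(disk[:SECTOR])
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_code_sha256"] != known_good_boot_hash:
        findings.append("boot code differs from baseline")
    first = min((p["lba_start"] for p in mbr["partitions"] if p["sectors"]), default=0)
    used = gap_sectors_in_use(disk, first)
    if used:
        findings.append(f"{len(used)} non-empty sector(s) between MBR and first partition")
    return {"mbr": mbr, "gap_sectors": used, "findings": findings}


# --- constructed sample data (not real boot code) ---------------------------------
CLEAN_BOOT_CODE = (b"\xeb\x3c\x90" + b"CLEANBOOT").ljust(446, b"\x00")
CLEAN_BOOT_HASH = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()  # stands in for a trusted baseline


def build_sample_disk(tampered: bool = False) -> bytes:
    """64-sector image with one bootable NTFS-type (0x07) partition starting at LBA 40."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 40, 20)
    boot_code = CLEAN_BOOT_CODE
    rest = bytearray(SECTOR * 63)  # sectors 1..63, all zero on the clean image
    if tampered:
        # simulate an MBR-overwriting locker: different boot code plus a 32-sector kernel after the MBR
        boot_code = (b"\xeb\x3c\x90" + b"OTHERBOOT").ljust(446, b"\x00")
        for lba in range(1, 33):
            rest[(lba - 1) * SECTOR:lba * SECTOR] = b"\xcc" * SECTOR
    mbr = boot_code + entry + b"\x00" * 48 + b"\x55\xaa"
    return mbr + bytes(rest)


if __name__ == "__main__":
    for label, image in (("clean", build_sample_disk()), ("tampered", build_sample_disk(tampered=True))):
        print(label, assess(image, CLEAN_BOOT_HASH)["findings"])
```

The baseline hash must come from a trusted image of the same machine or build, since boot code legitimately differs between OS versions and boot managers. The gap-sector heuristic also produces false positives on disks where a legitimate boot manager stores its second stage after the MBR, so treat a hit as a prompt to inspect those sectors, not as proof of infection.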

It also offers step-by-step instructions on how the affected victim can recover the data, as shown below.

[Image: petya1 5 - step-by-step recovery instructions]

The steps can be summarized as follows:

  1. Enter the personal identifier
  2. Bitcoin purchase
  3. Bitcoin transaction

Usually this kind of ransomware is packed with a FUD crypter, which is one of the reasons the malicious code cannot be seen during initial (static) analysis. The malicious process is unpacked dynamically into memory when it is executed. For encryption, decryption and key verification, the Salsa20 algorithm is used.