Name | Petya |
Type | Locker Ransomware |
Short Description | Unlike most ransomware, which encrypts individual files, this type denies access to the whole system. The malware authors wrote their own boot loader and a small kernel, which is thirty-two sectors long. |
Symptoms | When the executable runs, it shows a UAC (User Account Control) prompt. After this prompt appears, the system crashes and tries to restart. |
Distribution Method | This ransomware is distributed via scam e-mails such as fake job applications. The e-mail contains a Dropbox link pointing to a malicious ZIP file. It is also spread through malicious websites that host Petya via the Hunter exploit kit. |
Image | |
More Details | This type of ransomware overwrites the Master Boot Record (MBR) of the disk and then shows a Blue Screen of Death. The payment website shown to infected users instructs them to pay in bitcoins and offers step-by-step instructions on how the affected victim can recover the data. The steps can be summarized as, Usually this ransomware is packed with a FUD crypter, which is one reason the malicious code cannot be seen during initial analysis: the malicious process is dynamically unpacked into memory when it is executed. The Salsa20 algorithm is used for encryption, decryption and key verification. |
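As an added example (not part of the original page), the following Python script checks the disk region the entry says Petya overwrites: it hashes the MBR plus the 32 sectors after it against a stored baseline, keeps the boot-signature result separate, and reports which sectors changed. The clean disk image and its tampered copy are constructed inside the script; the 33-sector window and the baseline-hash approach are assumptions of this example, not a procedure from the page.

```python
import hashlib
import struct

SECTOR = 512
WATCHED_SECTORS = 33         # MBR plus the 32 sectors the page attributes to the custom loader/kernel (assumed window)
MBR_SIGNATURE = b"\x55\xaa"  # boot signature at offset 510 of sector 0

def make_clean_image(n_sectors: int = 64) -> bytes:
    """Constructed clean disk image: a plausible MBR followed by zeroed sectors."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\x33\xc0\x8e"  # constructed stand-in for legitimate boot code
    # one partition entry: bootable, type 0x07, start LBA 2048, 20480 sectors
    mbr[446:462] = struct.pack("<8BII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 20480)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr) + bytes(SECTOR * (n_sectors - 1))

def tampered_image(image: bytes) -> bytes:
    """Constructed test fixture modelling a boot-sector overwrite: boot code replaced,
    partition table and signature kept, the next 32 sectors filled with foreign bytes."""
    img = bytearray(image)
    img[0:446] = b"\xeb" * 446
    img[SECTOR:SECTOR * WATCHED_SECTORS] = b"\x90" * (SECTOR * (WATCHED_SECTORS - 1))
    return bytes(img)

def region_hash(image: bytes) -> str:
    """SHA-256 of the watched sectors; record this once from a known-good disk as the baseline."""
    return hashlib.sha256(image[:SECTOR * WATCHED_SECTORS]).hexdigest()

def changed_sectors(baseline: bytes, current: bytes) -> list:
    """Indices of watched sectors that differ from the baseline image."""
    return [i for i in range(WATCHED_SECTORS)
            if baseline[i * SECTOR:(i + 1) * SECTOR] != current[i * SECTOR:(i + 1) * SECTOR]]

def check_boot_sectors(image: bytes, baseline_hash: str) -> dict:
    """Compare a current image against the stored baseline hash."""
    return {
        "signature_ok": image[510:512] == MBR_SIGNATURE,  # an intact signature does not prove integrity
        "modified": region_hash(image) != baseline_hash,
    }

if __name__ == "__main__":
    clean = make_clean_image()
    baseline = region_hash(clean)
    bad = tampered_image(clean)
    print(check_boot_sectors(clean, baseline))
    print(check_boot_sectors(bad, baseline), changed_sectors(clean, bad))
```

Because the tampered copy keeps the 0x55AA signature, the signature check alone passes; only the baseline comparison flags the overwrite.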