Windows boot-ups disrupted by new encrypting ransomware


Petya modifies hard drive master boot records.

A new strain of ransomware has taken holding user files hostage to the extreme by preventing computers from booting up the Windows operating system, according to security vendor Trend Micro.

Dubbed Petya, the malware crashes computers and reboots them after rewriting the hard disk master boot record.

Upon reboot, the Petya malware masquerades as the Windows CHKDSK file system consistency checking tool and encrypts the entire hard drive. 

After the encryption routine has completed and the hard disk has been scrambled, victims are directed to download The Onion Router (TOR) browser to access the anonymising network in order to pay a ransom of 0.99 Bitcoin (A$555).

On Petya-infected computers, Windows will no longer load, nor is it possible to start in safe mode.

An earlier report from German security vendor G-Data suggests Petya is aimed at companies' human resources departments, with the malware sent in emails from bogus job applicants.

G-Data samples of socially engineered messages contain authentic-looking images of job applicants, with their CVs attached as binary files via links from storage services like Dropbox.

Petya depends on victims executing the malware with administrator rights on Windows in order to have file system level access. 

Without administrator privileges, Petya will fail with an error message, Trend Micro said.
