Windows boot-ups disrupted by new encrypting ransomware


Petya modifies hard drive master boot records.

A new strain of ransomware has taken holding user files hostage to the extreme by preventing computers from booting up the Windows operating system, according to security vendor Trend Micro.


Dubbed Petya, the malware crashes computers and reboots them after rewriting the hard disk master boot record.

Upon reboot, the Petya malware masquerades as the Windows CHKDSK file system consistency checking tool and encrypts the entire hard drive. 

After the encryption routine has completed and the hard disk has been scrambled, victims are directed to download The Onion Router (TOR) browser to access the anonymising network in order to pay a ransom of 0.99 Bitcoin (A$555).

On Petya-infected computers, Windows will no longer load, nor is it possible to start in safe mode.

An earlier report from German security vendor G-Data suggests Petya is aimed at companies' human resources departments, with the malware sent in emails from bogus job applicants.

G-Data's samples of the socially engineered messages contain authentic-looking images of job applicants, with their CVs supplied as binary files via links to storage services like Dropbox.

Petya depends on victims executing the malware with administrator rights on Windows in order to have file system level access. 

Without administrator privileges, Petya will fail with an error message, Trend Micro said.

Copyright © iTnews.com.au . All rights reserved.