The New Petya Ransomware

This ransomware is different the the others that are currently being distributed as it targets the master boot record of the victim's hard drive. This allows it to show a ransom note before Windows starts.

Note that restoring the MBR will not fix this as the hard drive will still be encrypted. Please wait till Petya is analyzed further in the event that it can be decrypted.


[bbvideo=560,315]https://www.youtube.com/watch?v=3YXYnAiSYrY#t=264.289478[/bbvideo]
 

Jared

Administrator
Staff member
I like the idea of encrypting the MBR, could lead to a lot of work for us if they just stopped there. Too bad they had to go and encrypt the rest of the drive :lol: .
 

Jared

Administrator
Staff member
Judging by how fast that virus works, it can't be encrypting the entire volume.... I'm guessing it's just the MBR & $MFT that it's encrypting. I'd bet you could still get most everything recovered in RAW, just without much for file names.
 

Jidaj

New member
http://www.bbc.com/news/technology-36014810 BBC says they have finally cracked the encryption system :ugeek: .
I cannot open the links to recovery software, though. perhaps, the problem is my IP or to be fixed soon. If I needed to recover my data in bulk, I would rather apply the recovery tools that work without decryption like those available e.g. at http://nabzsoftware.com/types-of-threat ... -decrypted
Besides, the method advised by BBC seems to target files on case-b-case basis, which may take ages. Anyway, great news, I hope the malicious encryption is soon to die away, anyway))))
 
Top