Petya, a Ransomware or its cousin?

2016-10-28_1928

We know from the previous post that Ransomware encrypts your files and deletes them if you don’t pay X amount of money in bitcoin before the timer runs out. With Petya it’s a different story: it still requires you to pay a ransom, but this time, instead of deleting your files, it blocks your WHOLE computer and deletes everything on your Hard-Drive.

It’s still considered Ransomware, but it behaves more like a rootkit. The following is a video demonstration…

And we thought that the Ransomware Jigsaw was scary. But there’s no need to panic! The Talos team at Cisco Systems has released a FREE, open source filter that makes your computer immune to it.

You could almost say that it blocks the channels that Petya uses to infiltrate your Hard-Disk, so when Petya launches it will literally look like a “Hello!” message made by a 14-year-old using Notepad.

 

And that’s how you turn a bear into a mosquito. The result of brilliant minds and reverse engineering. Next you will find an article written by Mohit Kumar which tells more about the MBRFilter. He also provides a link to the official page where you will find a download link.


MBRFilter — Open Source Tool to Protect Against ‘Master Boot Record’ Malware


Technically, the Bootloader is the first code that gets executed after the system BIOS, and it tells your computer what to do when it starts.


An advanced malware program, such as a rootkit or bootkit, leverages this process to infect computers by modifying the MBR.


Boot malware, or a bootkit, has the ability to install ransomware or other malicious software into your Windows kernel, which is almost impossible to detect, and thus takes unrestricted and unauthorized access to your entire computer.


So, the best way to protect your computer against such bootkits is to restrict your MBR from being rewritten or overwritten by unauthorized software… Read more
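The excerpt above says boot malware works by modifying the MBR. As an added example (not code from this post, from the quoted article, or from MBRFilter), here is a detection-side check that compares a 512-byte MBR sector against a known-good baseline and reports whether the boot code or the partition table changed. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)      # bootstrap code (bytes 440-445: disk signature)
TABLE_OFF = 446                # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"        # boot signature at bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:] != SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0 marks an unused slot
            parts.append((status == 0x80, ptype, lba, count))
    return {"code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
            "partitions": parts}


def check_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from the baseline."""
    good = parse_mbr(baseline)
    try:
        now = parse_mbr(current)
    except ValueError as err:
        return [f"unreadable MBR: {err}"]
    findings = []
    if now["code_sha256"] != good["code_sha256"]:
        findings.append("boot code modified")
    if now["partitions"] != good["partitions"]:
        findings.append("partition table modified")
    return findings


def make_sample(code: bytes) -> bytes:
    """Constructed sample sector: given boot code plus one bootable NTFS entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return code.ljust(TABLE_OFF, b"\x00") + entry + bytes(48) + SIGNATURE


if __name__ == "__main__":
    clean = make_sample(b"\xfa\x33\xc0")       # constructed baseline bytes
    tampered = make_sample(b"\xeb\xfe\x90")    # same table, different boot code
    print(check_mbr(clean, clean), check_mbr(clean, tampered))
```

On a real machine the baseline would be a copy of sector 0 taken while the system is known to be clean and stored off the disk it describes.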


We now know one thing for sure! Petya isn’t a threat anymore. And whatever follows next…It won’t last for long.
