A new type of malware surfaced about 2 weeks ago and has been described as one that takes crypto-extortion to a new level. While most cryptographic ransomware variants are selective about what they encrypt—leaving the computer usable to make it easier for the victim to pay—this new entry targets the victim’s entire startup drive, encrypting the master file table (MFT).
Called Petya, the new ransomware is just the latest to be deliberately tailored for victims within organizations with IT support instead of a broader audience. Petya is currently being delivered via Dropbox links in e-mail messages targeting human resources departments at companies in Germany. The links purport to lead to an application to be installed by the HR employee.
Running the attachment throws up a Windows alert; if the user clicks to continue, Petya is inserted into the master boot record (MBR) of the victim’s computer, and the system restarts. On reboot, the malware performs a fake Windows CHKDSK, warning “One of your disks contains errors and needs to be repaired.” Petya then flashes up an ASCII skull and crossbones on a red and white screen, announcing “You became victim of the PETYA RANSOMWARE!”
Here’s what being infected with Petya looks like thanks to bleepingcomputer:
Fortunately, an individual on Twitter named leostone has created an algorithm that will decrypt Petya-infected files. For details, head over to bleepingcomputer for step-by-step instructions and explanations.