By Michael Mimoso May 13, 2016
The Petya ransomware strain signaled a new escalation for crypto-malware when it surfaced in March. For the first time, ransomware went beyond encrypting files on local and shared drives and instead set its sights on locking up the Master File Table on compromised machines.
Petya did have its shortcomings, and before long researchers were able to develop a tool that recovered some files lost to infections.
The criminals behind Petya, meanwhile, have addressed another weakness where the malware would not execute if it were not granted administrative privileges in order to target the MFT. A new installer for Petya was found and disclosed on Thursday. It comes with a failsafe; if its installer is not granted the privileges it seeks, it instead installs another strain of ransomware known as Mischa.
Full Article
Very nasty indeed...and this really, really puts the emphasis on having an image of one's disk rather than just having data backups, as the best solution should the unfortunate happen and this one strikes.
An interesting article about Petya and Mischa if you are wanting to look deeper.
May 19, 2016 | BY hasherezade
After being defeated about a month ago, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie.
They deploy attacks on different layers of the system and are used as alternatives. That’s why we decided to dedicate more than one post to this phenomenon. Welcome to part one! The main focus of this analysis is Petya (the Green version).
Let’s start with some background information.
This time the authors also deployed a page with information for potential clients of their Ransomware-As-A-Service:
Full Article
Indeed, very interesting, Jasper...thanks. One for a more detailed look this weekend, methinks.
June 10, 2016 | BY hasherezade
After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie.
They deploy attacks on different layers of the system and are used as alternatives. That’s why we decided to dedicate more than one post to this phenomenon. Welcome to part two! The main focus of this analysis is Mischa and Setup.dll (the malicious installer that chooses which payload to deploy).
Full Article