Latest Petya Ransomware Strain Comes with a Failsafe: Mischa

  • 13 May 2016
  • 5 replies
  • 383 views

By Michael Mimoso May 13, 2016
 
The Petya ransomware strain signaled a new escalation for crypto-malware when it surfaced in March. For the first time, ransomware went beyond encrypting files on local and shared drives and instead set its sights on locking up the Master File Table on compromised machines.

Petya did have its shortcomings and before long, researchers were able to develop a tool that recovered some files lost to infections.

The criminals behind Petya, meanwhile, have addressed another weakness where the malware would not execute if it were not granted administrative privileges in order to target the MFT. A new installer for Petya was found and disclosed on Thursday. It comes with a failsafe; if its installer is not granted the privileges it seeks, it instead installs another strain of ransomware known as Mischa.
 
Full Article

5 replies

Very nasty indeed...and this really, really puts the emphasis on having an image of one's disk rather than just having data backups, as the best solution should the unfortunate happen and this one strikes. 
An interesting article about Petya and Mischa if you are wanting to look deeper.
 
May 19, 2016 | BY hasherezade

After being defeated about a month ago, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie.

They deploy attacks on different layers of the system and are used as alternatives. That’s why we decided to dedicate more than one post to this phenomenon. Welcome to part one! The main focus of this analysis is Petya (the Green version).

Let’s start with some background information.

This time authors also deployed a page with information for potential clients of their Ransomware-As-A-Service:
 
 
Full Article
Indeed, very interesting, Jasper...thanks. One for a more detailed look this weekend, methinks.
June 10, 2016 | BY hasherezade
 
 
After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie.
 
They deploy attacks on different layers of the system and are used as alternatives. That’s why we decided to dedicate more than one post to this phenomenon. Welcome to part two! The main focus of this analysis is Mischa and Setup.dll (the malicious installer that chooses which payload to deploy).
 
Full Article
Well, let's hope that, as in the Bond film, the good guys win in the end and destroy the GoldenEye satellites. ;)
