Petya, the latest in “crypto-extortion” malware

petya-1200

PC users, beware! There’s a new form of malware making the rounds online, and it’s taking crypto-extortion to a whole new level, according to Ars Technica.

The malware is called Petya, and unlike most forms of malware, which are programmed to be distributed to a wider and more general user base, this ransomware is targeted specifically at individuals who work in departments like human resources (HR) and information technologies (IT).

What is Ransomware?

Cryptographic ransomware, or just “ransomware” is a type of malware which restricts access to the infected PC in a specific way until the victims pay a ransom to the malware operators in exchange for removing the restriction.

What Makes Petya Different?

Unlike most forms of ransomware, which are selective about what they encrypt so the victims have enough access to their PCs to pay the hackers, Petya targets your entire startup drive, encrypting the master file table so that Windows can’t make sense of the index files on your disk. This process essentially leaves all of your programs and files intact, but scrambles the metadata so that Windows can’t turn the data into anything useful.

petya-skull-720

How Are People Getting It?

Petya is currently being delivered via Dropbox links in e-mails being sent to human resources companies. The links claim to be connected to important applications to be installed by the employee, but when they run the attachment a Window alert pops up warning them that it might be trouble.

In the unfortunate circumstances where an employee clicks ‘continue’ Petya is launched and inserted into the master boot record (MBR) and the system restarts. When the victim reboots the computer, the randomware performs a fake disc check (CHKDSK) and warns “One of your disks contains errors and needs to be repaired” after which an ASCII skull and crossbones appears and the message “You became victim of the PETYA RANSOMWARE!” is displayed.

The screen then shows instructions on how to obtain a key to restore the disc after the victim pays a ransom, usually around 0.90294 Bitcoins, or $373 at current Bitcoin value.

Some Good News, and Bad News

The good news is that as if you’re a regular PC user like many of our customers, you should be just fine and you’ll never have to worry about Petya infecting your system.

The bad news is that if you find your PC infected with this aggressive form of malware, you may find yourself unable to unscramble your metadata to make sense of the programs and files you used to have.

This means that the only way to recover some (potentially not all) of your files is to enlist the help of a dedicated data recovery service.

The Bottom Line?

As always, the easiest way to keep your PC safe from malware and viruses is to not open emails that look suspicious and don’t click on links or open folders from people you don’t know.

However, if your PC is acting up, running slowly, generating pop-ups at random, or displaying other warning signs of infection and malware, bring it in for our virus removal service and we’ll clean it up for you.