Unlike other ransomware, the Petya does not encrypt only some files – instead, prevents the computer from connecting
a new software malicious, which is being dubbed Petya and was described by several antivirus companies in recent days, takes the ransomware to the next level, disabling the computer and making all inaccessible files.
Unlike other programs ransomware , which encrypt the user files the Petya passes next to the files and instead overwrites the Master Boot Record of the hard disk, leaving the computer unable to boot, and encrypts the “map” of the files, leaving them almost impossible to recover.
Petya has been mainly registered in Germany. “Disguises up” of an email that is a job offer, writes PC World magazine, adding: “This suggests that its creators have targeted companies with messages to be directed to human resource departments “. The email contains a link to a folder on Dropbox with a file that appears to be the candidate’s resume -. But if it is downloaded and executed, the file installs the ransomware
Once installed , the software starts by rewriting the MBR – the lines of code that tell the computer where to find the operating system, and other information that allow you to boot. This causes what is known as a ‘blue screen of death’, that is, the computer is unable to boot, showing only an error image before restarting. According to PC World, which is based on the book reviews written by antivirus companies, it is at this point that the ransomware encrypts the Masters File Table (MFT) – a special file that contains information about all other files, since its name to the place where they are. With the encrypted MFT, it is almost impossible to access the files. Thus, Petya bypasses the encryption to the files themselves, which is what usually happens with the ransomware , which takes much longer.
So, when the computer restarts arises Petya message that explains the owner of the affected computer you will have to pay a ransom for your computer to be decrypted – normal procedure that is requested for this type of software malicious, forcing users many sometimes little versed in technology to enter the Tor network to pay a ransom in Bitcoin.
for now, this software malicious has only been detected in Germany. But PC World points out that it is common for the ransomware start to be limited to a certain place, but eventually it spread.
This type of software asking for ransom in Bitcoin for decryption of files from an infected computer is becoming more frequent. The Petya is different not encrypt the files but the “road map” to locate, and prevent your computer from starting, while others leave the computer to operate normally, but the encrypted files inaccessible.
on Monday, the FBI asked even helps computer security experts to assist in their investigation of this type of software . The leader of one of the security companies, the Carbon Black even said: “It is to become a ciberemergência”
.
No comments:
Post a Comment