1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Experts crack Petya ransomware, enable hard drive decryption for free

Discussion in 'CSO' started by RSS, Apr 11, 2016.

  1. RSS

    RSS New Member Member

    Security experts have devised a method that allows users to recover data from computers infected with the Petya ransomware program without paying money to cybercriminals.

    Petya appeared on researchers' radar last month when criminals distributed it to companies through spam emails that masqueraded as job applications. It stood out from other file-encrypting ransomware programs because it overwrites a hard disk drive's master boot record (MBR), leaving infected computers unable to boot into the operating system.

    ALSO: How to respond to ransomware threats

    The program replaces the drive's legitimate MBR code, which normally starts the operating system, with code that encrypts the master file table (MFT) and shows a ransom note. The MFT is a special file on NTFS volumes that contains information about all other files: their name, size and mapping to hard disk sectors.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page