
Petya ransomware is now double the trouble

Discussion in 'CSO' started by RSS, May 13, 2016.

  1. RSS

    The Petya ransomware now bundles a second file-encrypting program for cases where it cannot replace a computer's master boot record to encrypt its file table.

    Petya is an unusual ransomware threat that first popped up on security researchers' radar in March. Instead of encrypting a user's files directly, it encrypts the master file table (MFT) used by NTFS disk partitions to hold information about file names, sizes and location on the physical disk.

    Before encrypting the MFT, Petya replaces the computer's master boot record (MBR), which contains code that initiates the operating system's bootloader. Petya replaces it with its own malicious code that displays the ransom note and leaves computers unable to boot.
