1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Petya ransomware overwrites MBRs, locking users out of their computers

Discussion in 'CSO' started by RSS, Mar 28, 2016.

  1. RSS

    RSS New Member Member

    It's hard enough for non-technical users to deal with ransomware infections: understanding public-key cryptography, connecting to the Tor anonymity network and paying with Bitcoin cryptocurrency. A new malicious program now makes it even more difficult by completely locking victims out of their computers.

    The new Petya ransomware overwrites the master boot record (MBR) of the affected PCs, leaving their operating systems in an unbootable state, researchers from antivirus firm Trend Micro said in a blog post.

    ALSO ON CSO: How to respond to ransomware threats

    The MBR is the code stored in the first sectors of a hard disk drive. It contains information about the disk's partitions and launches the operating system's boot loader. Without a proper MBR, the computer doesn't know which partitions contain an OS and how to start it.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page