Researchers Learning More About Petya Ransomware

Researchers are digging through samples of the Petya ransomware, and while they’ve learned something about its inner workings, they still don’t know enough to come up with a decryptor.

Petya is the latest twist on crypto-malware. It was found recently targeting companies in Germany in a spam campaign aimed at human resources organizations. The emails contained a link to a Dropbox file that, if clicked, loads a dropper that installs Petya.

The ransomware then encrypts the master file table on compromised machines and demands around $400 in Bitcoin for the decryption key. This is a radical departure from other strains of ransomware, which encrypt files stored on the computer, on network shares, or on backups that the computer may have access to.