Skip to main content

Petya Ransomware encrypts the MBR

By
The Dell Sonicwall Threat Research team has received reports of yet another ransomware called Petya. Over the past year, Ransomware has proven to be an inceasingly lucrative business for cybercriminals and has become very widespread that victims have resorted to paying to get their data back. Petya is no different, but instead of just encrypting files it overwrites the system's master boot record (MBR) effectively locking the victim out and rendering the machine unusable unless payment is made.
Infection Cycle: 

Upon execution, Petya replaces the boot drive's MBR with a malicious loader which will cause Windows to crash. On reboot, it will display a fake CHKDSK screen. 
 

The victim is then greeted with a flashing skull. 
 

After pressing any key, the instructions on how to pay to get their data back is then displayed. 

 

At this point, the victim is locked out of their machine and renders it useless. Rebooting into safe mode is also not possible. Victims can reformat their computers but will obviously lose all of their data. 

Below are the screenshots from the cybercriminal's well crafted website on the onion network where further instructions are given on how to submit payment in bitcoins. It appears that the group behind Petya Ransomware is calling themselves "Janus Cybercrime Solutions" and are demanding victims to send them 0.95865300 Bitcoins or an equivalent to $395 with the current exchange rate. 

 

FPetya Ransomware Step 2


FPetya Ransomware Step 4

Because of the prevalence of these types of malware attacks, we urge our users to back up their files regularly. 

 So it is time to check update for your Gateway Security/End point Security now to prevent this threat!

 Source : Dell SonicWall Security Center

 Have a good time.
(Be knowledgeable, pass it on then) 
Labels:

Comments

  1. ecaterinayanoMarch 4, 2022 at 6:39 PM

    888sport Casino Review - JtmHub
    888sport is one of the 영천 출장안마 best online gambling sites on 밀양 출장안마 the net. They 울산광역 출장안마 offer sports 남원 출장샵 betting, eSports, eSports, eSports, Keno, Roulette, 상주 출장마사지 Video Poker, Slots,

    ReplyDelete

Post a Comment

Popular posts from this blog

Link Aggregating with Synology NAS and Cisco Switch

By
I’d like to share how to setup Link Aggregating between Synology NAS and Cisco Switch. I’ve got one Synology NAS with 4 Network Ports and I’m going to use 2 of them. Both Network Port to be as one Logical Link, Fault Tolerance and Load Balancing. To do that, I need to configure Link Aggregating on Synology NAS and EtherChannel with LACP on Cisco Switch. Below is brief steps to do to meet with my requirements. - Get connected Synology NAS and Cisco Switch as shown in picture. - Bonding two Network Ports of Synology NAS and assign IP Address - Configure EtherChannel with LACP in Cisco Switch and add two physical ports as Member. OK. Let’s begin from Synology NAS. - Login to the Synology and go to Control Panel>Network>Create>Create Bond - Select IEEE 802.3ad to get Fault Tolerance and Load Balancing Featureyou’re your switch not support 802.3ad you can only select Fault Tolerance only feature). After that click “Next”. - Choose the network port f
35 comments
Read more

Solving the "A general system error occured:Invalid fault" error in vSphere 4

By
Below error was come out when you try to migrate VM to other host for some reason. Below error was come out when you try to edit VM setting. Below error was come out when you power on the VM. How to solve those error? Here is how I resolve the error! Login to the Host that errored VM exist by using Terminal or Direct Console. Enter below command and press enter. services.sh restart Wait until all VMware Services are restarted. After that try to Power On/Edit Settings or Migrate the errored VM and you will see all you can do without any error pop-up. This kind of errors can occur if you shutdown/restart VM unproperly or shutdown/restart the Host unproperly that VM exist. You can check log file deeply if you willing to know precisely on this. May you all be happy. (Be knowledgeable, pass it on then)
1 comment
Read more

Fortigate guide for Begineer - 6

By
I would like to explaine how to troubleshoot the Fortigate Unit configured by Transparent Mode in step by step this time. Let's assume, you have one Fortigate Unit that configured as Transparent Mode. But devices from Internal/Private Network unable to access Internet/Public Network through your Fortigate Unit. OK. Let's troubleshoot with following steps, 1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet. 2) Check the router and ISP-supplied equipment to make sure it is operating correctly. 3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network. From the internal network, attempt to ping the management IP address. If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on a
Post a Comment
Read more