
Ransomware now uses disk-level encryption for even more damage


March 29, 2016

We've been reading a lot lately about ransomware and its damaging effects on computers and other devices. Now ransomware has been detected infecting master file tables, rendering Windows PCs totally useless unless payment is made to the hackers.

When first executed, the Petya ransomware reboots the victim's PC and runs what appears to be a Windows check disk scan, which masks the encryption process. The scan is fake.

A screen is then displayed that directs users to a payment link where 0.9 Bitcoins (about US $382) are to be sent in exchange for the needed decryption key.

Malware man Lawrence Abrams says German businesses are being targeted with Petya through phishing emails.

"The Petya ransomware takes it to the next level by encrypting the hard drive itself so you are unable to access anything on the drive anymore, including the Windows operating system," Abrams asserted.

When first installed, the Petya ransomware will replace the boot drive's existing master boot record with a malicious loader. It will then cause Windows to reboot in order to execute the new ransomware loader, which will display a screen pretending to be CHKDSK.

There are not yet any methods for free decryption by way of exploiting possible security flaws in Petya's encryption implementation, meaning users must wipe their machines or pay the ransom.

However, just repairing the master boot record will not decrypt the drive, and the attackers (calling themselves 'Janus Cybercrime Solutions') say such an attempt can shutter the ability to decrypt using a purchased key.

Interestingly, a backup of the PC's original master boot record is, for lack of a better word, encrypted using the ASCII character 7.
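For responders working from a read-only disk image, the following added example (not code from this article or from Lawrence Abrams) scans the first sectors for one that decodes to a valid master boot record. It assumes that "encrypted using the ASCII character 7" means a single-byte XOR with 0x37; the function names and the sample image, including the sector where the backup sits, are constructed for illustration.

```python
import struct

SECTOR = 512
KEY = ord("7")  # 0x37; single-byte XOR is an assumption, the article only names the character

def xor_sector(data: bytes, key: int = KEY) -> bytes:
    return bytes(b ^ key for b in data)

def looks_like_mbr(sector: bytes) -> bool:
    """True for a 512-byte sector with the 0x55AA signature and a sane partition table."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        return False
    entries = [sector[446 + 16 * i:462 + 16 * i] for i in range(4)]
    if any(e[0] not in (0x00, 0x80) for e in entries):  # boot-indicator byte
        return False
    return any(e[4] != 0 for e in entries)  # at least one partition type set

def find_masked_mbr(image: bytes, max_sectors: int = 64):
    """Return [(sector_index, recovered_mbr)] for sectors that decode to an MBR."""
    hits = []
    for i in range(min(max_sectors, len(image) // SECTOR)):
        raw = image[i * SECTOR:(i + 1) * SECTOR]
        candidate = xor_sector(raw)
        if looks_like_mbr(candidate) and not looks_like_mbr(raw):
            hits.append((i, candidate))
    return hits

def sample_image():
    """Constructed test image; the backup's position (sector 9) is arbitrary."""
    mbr = bytearray(SECTOR)
    # One bootable NTFS-type (0x07) entry: status, CHS start, type, CHS end, LBA, size
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                               b"\xfe\xff\xff", 2048, 204800)
    mbr[510:512] = b"\x55\xaa"
    image = bytearray(SECTOR * 16)
    image[0:SECTOR] = b"\x90" * 510 + b"\x55\xaa"  # stand-in for a replaced loader
    image[9 * SECTOR:10 * SECTOR] = xor_sector(bytes(mbr))
    return bytes(image), bytes(mbr)

if __name__ == "__main__":
    image, original = sample_image()
    for index, mbr in find_masked_mbr(image):
        print(f"sector {index}: decodes to an MBR, matches original: {mbr == original}")
```

Locating the backup only recovers the original boot record for the case file; as noted above, restoring the master boot record does not decrypt the drive.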

It is the latest evolution in the dynamic and apparently profitable ransomware market.

The most capable ransomware variants encrypt desktops and phones using strong encryption that has resisted various circumvention attacks.

Some malware will target multiple network drives, seek out and encrypt connected backups, and silently encrypt and decrypt on the fly for months in a bid to prevent system administrators from falling back to earlier backups.

Payments are often met with working decryption keys for the most professional ransomware, leading many businesses and even hospitals to pay up to re-access their digital files.

Source: Lawrence Abrams.

Copyright © Internet Security.ca