Petya – The Ransomware That Deletes Your Master Boot Record

Ransomware is getting nastier and nastier. Initially just an attempt to turn malicious software (malware) into something that is financially rewarding, ransomware works by encrypting your files and asking that you pay them (normally in bitcoins) in order to get the keys required to unencrypt the files. The latest one looks to make it even harder for you to bypass it by deleting master boot records on infected computers.

Named Petya, the new ransomware overwrites master boot records of affected PC’s meaning that your computer, next time it’s turned on, doesn’t even know where to go find our operating system, resulting in a computer that can’t even find the OS, let alone load it. Trend Micro report that the email seems to be hidden in emails that are advertising themselves as a job advert, with an email linking to a dropbox folder. Within the folder is a self-extracting archive, apparently the applicants CV and photo only once extracted the ransomware is installed.

The system is then tricked into a critical error, resulting in everyone’s favourite blue screen of death. During reboot the false master boot record (MBR) that was put in place by Petya will encrypt the master file table, this is the record of every file, location and where and how to get it to it on your system. By encrypting this file, you don’t need to go near the actual files, as any operating system will be unable to find the files. Encrypting one file instead of hundreds reduces the speed, meaning that people are often left with no choice but to pay the 0.99BTC (£296 roughly) fee that they request.

With ransomware getting even more aggressive in its tactics, it’s all that more important to ensure you check emails because you receive them and keep your anti-virus and anti-malware software up to date.