When it comes to security threats and risks, the community as a whole is at its best when it has a common goal. An example of this was two weeks ago when a new ransomware was found going by the name Petya. Petya didn’t act like normal ransomware but instead decided it would go after your master boot record, often locking people out their entire system until they received their password after paying a nice little fee. That was until some clever people got together to create some tools to get your system back from the ransomware without paying a single penny!
The original web tool came from the twitter account @leostone and lets you retrieve your file by providing it with a selection of data from the infected hard drive. Getting the data may seem like something difficult but a separate researcher went and created a tool titled Petya Sector Extractor that can find and retrieve the required data in seconds.
By removing the hard drive and plugging it into another computer, these tools can work together to retrieve the password required to unlock your master boot record from the clutches of Petya. The sector extractor tool is hosted by Bleeping Computer, a computer self-help forum, and reports that not only does the technique work but has also provided a step-by-step tutorial for anyone who isn’t 100% regarding how to return all their family photos at zero cost.
Ransomware is getting nastier and nastier. Initially just an attempt to turn malicious software (malware) into something that is financially rewarding, ransomware works by encrypting your files and asking that you pay them (normally in bitcoins) in order to get the keys required to unencrypt the files. The latest one looks to make it even harder for you to bypass it by deleting master boot records on infected computers.
Named Petya, the new ransomware overwrites master boot records of affected PC’s meaning that your computer, next time it’s turned on, doesn’t even know where to go find our operating system, resulting in a computer that can’t even find the OS, let alone load it. Trend Micro report that the email seems to be hidden in emails that are advertising themselves as a job advert, with an email linking to a dropbox folder. Within the folder is a self-extracting archive, apparently the applicants CV and photo only once extracted the ransomware is installed.
The system is then tricked into a critical error, resulting in everyone’s favourite blue screen of death. During reboot the false master boot record (MBR) that was put in place by Petya will encrypt the master file table, this is the record of every file, location and where and how to get it to it on your system. By encrypting this file, you don’t need to go near the actual files, as any operating system will be unable to find the files. Encrypting one file instead of hundreds reduces the speed, meaning that people are often left with no choice but to pay the 0.99BTC (£296 roughly) fee that they request.
With ransomware getting even more aggressive in its tactics, it’s all that more important to ensure you check emails because you receive them and keep your anti-virus and anti-malware software up to date.