k_Street Consulting, LLC Blog

k_Street Consulting, LLC has been serving the Washington area since 2009, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: New Petya Ransomware Spreads via Fake Online Resumes

b2ap3_thumbnail_ransomware_petya_400.jpgNext time you see an unsolicited resume in your email, it’s worth scrutinizing before you just click on it. It could be a nasty new ransomware called Petya.

Petya is a particularly mean-spirited ransomware that hackers use to extort money from their victims. Infection begins with a Windows error, followed by the typical “blue screen of death” reboot, and displays a red skull and crossbones. As the computer restarts, a fraudulent “system check” allows the infection to encrypt the master file table (MFT), so the computer more or less “forgets” where, or even which, files it has.

In addition to doing this, instead of barring access from particular files, Petya locks the user out of their system entirely by overwriting their computer’s master boot record. Once this happens, the computer is rendered useless (you can’t even log in), only displaying a list of demands, an online address to appease those demands in Bitcoin, and finally, a decryption code to regain access to the files.

When the user accesses the payment page, they learn that they have a limited amount of time to purchase their key before the price is doubled--from around an initial cost of .99 Bitcoins, which is equivalent to about $430. While many websites claim that there are commands that will allow the user to skip the lock screen, the MFT will still be encrypted, and the files still useless. Additionally, there’s no guarantee that the decryption key provided upon payment will even solve the problem, potentially leaving the user short $430 and all of their digital files.

Business owners and human resource representatives need to be particularly alert, considering that the preferred method of dispersement for Petya is via email, specifically disguised as what would appear to be a message from someone seeking a job. The message contains a hyperlink that directs to a Dropbox containing a “resume” (an antivirus program-blinding Trojan containing Petya) and a stock photo. With these tactics, Petya had been plaguing German businesses, with no telling when it may spread.

Fortunately, a programmer has come up with a fix to remove Petya without paying any ransom after his father-in-law’s system was targeted. Thanks to some purported carelessness by the authors of this malware, the encryption is crackable. To do so, however, isn’t such a simple task - it requires a second, uninfected hard drive, for starters. So while Petya has been cracked, it is still better to not be a target in the first place.

So how does one avoid such an attack? Mainly vigilance, assisted by k_Street Consulting, LLC’s security solutions that help detect and block questionable sources. Call (202) 640-2737 for more information about products to keep your company safe from the cyber pirates flying a digital skull and bones.

Tip of the Week: The Top 5 Mistakes that Ruin Mobi...
It’s the End of the Line for Microsoft SQL Server ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, 22 December 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

2013
January
February
March
April
May
June
July
August
September
November