UPDATE 4-11-2016: Petya has been cracked, but recovery is technical. If you have been infected, give us a call and we’ll help you recover your system.
Original Post: Reported a few weeks ago by Ars Technica and BleepingComputer, there is a new kind of ransomware that is taking data extortion to the next level. It’s called Petya, and rather than encrypting a file or two here or there, Petya infects the Master Boot Record, and when you reboot, it encrypts the Master File Table.
What does all this mean? It means when Petya infects your computer, it makes your entire hard drive completely unreadable until you enter a decryption code. Your entire hard drive! Not a file or two. The whole thing.
How do you get the decryption code? You have to pay the hacker, and hope he’s kind enough to provide it to you.
We’ve written about Ransomware and Crypto-Viruses in the past, but this takes it to a new level. With Petya, there is no way to access your files without the key. You can’t even copy them to another computer. Without paying the hacker, you can never access them again.
How does Petya spread? Same as any other malware: email. So far, it’s being delivered via Dropbox links rather than explicit attachments. We’ve written before about avoiding malware delivered via email attachments. Remember that the same rules apply when you receive a link to a file as to when the file is attached to the email; be suspicious and never, ever open an EXE, COM, SCR, VB or ZIP file.
Below is a video produced by BleepingComputer that shows the Petya infection.
Anti-virus software should protect you from this type of malware. Unfortunately, anti-virus won’t do anything if it doesn’t have the signature of the virus in its database. So make sure you keep your anti-virus up-to-date! And even an up-to-date anti-virus won’t protect you against zero-day threats, that is, malware that has only just arrived. So be smart and use our tips to stay safe.
Dell has recently released their new, cutting-edge Dell Data Protection | Endpoint Security Suite Enterprise; this software suite has an anti-virus that uses artificial intelligence rather than signatures to detect viruses. It has a 99% prevention rate, even on zero-day threats! It’s so good that a year-old version of the engine was able to catch mutated versions of the popular ransomware Cryptolocker, Wall and Pucky on zero-day. This is totally unheard of with traditional, signature-based anti-virus.
It’s brand new and very exciting. It’s so new and exciting that we’re bringing in a representative from Dell to demo it at our next Advantage Lunch. So, if you want to see a demo of this cutting-edge software and get a free meal, sign up for the April 20th Advantage Lunch and reserve your seat today!