Petya is a new ransomware with a twist: instead of encrypting files on disk, it locks the entire disk, rendering it pretty much useless and leaving the victim no choice but to pay the ransom. It has two infection stages. The first stage is MBR infection and encryption key generation, including the decryption code used in ransom messages. The second stage is MFT encryption.
Petya encrypts the filesystem’s Master File Table, which leaves the operating system unable to locate files. It installs itself to the disk’s master boot record (MBR) like a bootkit. But instead of acting covertly, it displays a red screen with instructions on how to restore the system.
Like any other malware, Petya is widely distributed via a job application spear-phishing email that comes with a Dropbox link, luring the victim by claiming the link contains a self-extracting CV; in fact, it contains a self-extracting executable that later unleashes its malicious behavior.
Petya, similar to WannaCry, is right now attacking computers at Russian and Ukrainian companies. India’s ATM network was feared to be a likely target. The only way to restore the machine without the help of the server is to catch the Salsa20 key during the infection process, using debuggers.
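An added example, not from the original article: because the first stage rewrites the master boot record, comparing sector 0 of a disk against a known-good baseline is one way to notice the change. The sector images, the baseline and all function names below are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the boot loader code
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3xB3xII"    # status, CHS start, type, CHS end, LBA start, sector count

def parse_partitions(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    entries = []
    for i in range(4):
        raw = sector[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack(ENTRY_FMT, raw)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append({"slot": i, "bootable": status == 0x80,
                            "type": ptype, "lba_start": lba_start, "sectors": count})
    return entries

def boot_code_hash(sector):
    """SHA-256 over the boot code only, so partition resizing does not alter it."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def check_mbr(sector, baseline_hash):
    """Compare a sector-0 image with a known-good baseline; return a list of findings."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    if not parse_partitions(sector):  # generic sanity check
        findings.append("partition table is empty")
    return findings

def build_sample(boot_code):
    """Constructed sector: given boot code plus one bootable NTFS (0x07) partition."""
    table = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800) + bytes(48)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE

# Constructed sample data, not real boot loaders.
CLEAN = build_sample(b"\xeb\x3c\x90" + b"constructed-clean-loader")
TAMPERED = build_sample(b"\xeb\x3c\x90" + b"constructed-replaced-loader")
BASELINE = boot_code_hash(CLEAN)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, check_mbr(image, BASELINE) or "ok")
```

Reading the first 512 bytes of a physical disk needs administrator rights, and the baseline hash should be recorded while the machine is known to be clean.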
Here are some ways to protect yourself from ransomware:
Back up your files
The best protection against ransomware is to back up all of the information and files on your devices in a completely separate system. A good place to do this is on an external hard drive that isn’t connected to the internet. This means that if you suffer an attack you won’t lose any information to the hackers.
Be suspicious of emails, websites and apps
The most common ways for the software to be installed on a victim’s device are through phishing emails, malicious adverts on websites, and questionable apps and programs. People should always exercise caution when opening unsolicited emails or visiting websites they are unfamiliar with. Never download an app that hasn’t been verified by an official store, and read reviews before installing programs.
Use an antivirus program
Most antivirus programs can scan files to see if they might contain ransomware before downloading them. They can block secret installations from malicious adverts when you’re browsing the web, and look for malware that may already be on a computer or device.
Always install updates
Companies often release software updates to fix vulnerabilities that can be exploited to install ransomware. It is therefore advisable to always download the newest version of a piece of software as soon as it is available.