31478 Industrial Road Suite 200, Livonia, Michigan 48150 sales@xfer.com

XFER Blog

XFER Blog

XFER has been serving the Livonia area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Alert: New Petya Ransomware Spreads via Fake Online Resumes

b2ap3_thumbnail_ransomware_petya_400.jpgNext time you see an unsolicited resume in your email, it’s worth scrutinizing before you just click on it. It could be a nasty new ransomware called Petya.

Petya is a particularly mean-spirited ransomware that hackers use to extort money from their victims. Infection begins with a Windows error, followed by the typical “blue screen of death” reboot, and displays a red skull and crossbones. As the computer restarts, a fraudulent “system check” allows the infection to encrypt the master file table (MFT), so the computer more or less “forgets” where, or even which, files it has.

In addition to doing this, instead of barring access from particular files, Petya locks the user out of their system entirely by overwriting their computer’s master boot record. Once this happens, the computer is rendered useless (you can’t even log in), only displaying a list of demands, an online address to appease those demands in Bitcoin, and finally, a decryption code to regain access to the files.

When the user accesses the payment page, they learn that they have a limited amount of time to purchase their key before the price is doubled--from around an initial cost of .99 Bitcoins, which is equivalent to about $430. While many websites claim that there are commands that will allow the user to skip the lock screen, the MFT will still be encrypted, and the files still useless. Additionally, there’s no guarantee that the decryption key provided upon payment will even solve the problem, potentially leaving the user short $430 and all of their digital files.

Business owners and human resource representatives need to be particularly alert, considering that the preferred method of dispersement for Petya is via email, specifically disguised as what would appear to be a message from someone seeking a job. The message contains a hyperlink that directs to a Dropbox containing a “resume” (an antivirus program-blinding Trojan containing Petya) and a stock photo. With these tactics, Petya had been plaguing German businesses, with no telling when it may spread.

Fortunately, a programmer has come up with a fix to remove Petya without paying any ransom after his father-in-law’s system was targeted. Thanks to some purported carelessness by the authors of this malware, the encryption is crackable. To do so, however, isn’t such a simple task - it requires a second, uninfected hard drive, for starters. So while Petya has been cracked, it is still better to not be a target in the first place.

So how does one avoid such an attack? Mainly vigilance, assisted by XFER’s security solutions that help detect and block questionable sources. Call 734-927-6666 / 800-GET-XFER for more information about products to keep your company safe from the cyber pirates flying a digital skull and bones.

Tip of the Week: The Top 5 Mistakes that Ruin Mobi...
It’s the End of the Line for Microsoft SQL Server ...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Friday, 22 November 2024

Captcha Image

Customer Login


Cybersecurity Risk Assessment

cybersecurity-audit

Our risk assessment will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Request Yours Today!

Contact Us

Learn more about what XFER can do for your business.

XFER Communications, Inc.
31478 Industrial Road Suite 200
Livonia, Michigan 48150