PETYA crypto-ransomware overwrites MBR to lock users out of their computers
PETYA crypto-ransomware overwrites MBR to lock users out of their computers | |
---|---|
Botnet | Petya |
Malware | |
Botnet/malware group | Cryptolocker |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2016 / 2016-03-25 |
Editor/Conference | TrendLabs Security Intelligence Blog |
Link | http://blog.trendmicro.com/trendlabs-security-intelligence/petya-crypto-ransomware-overwrites-mbr-lock-users-computers/ (Archive copy) |
Author | Jasen Sumalapao |
Type | Blogpost |
Abstract
“As if encrypting files and holding them hostage is not enough, cybercriminals who create and spread crypto-ransomware are now resorting to causing blue screen of death (BSoD) and putting their ransom notes at system startup—as in, even before the operating system loads. Imagine turning on your computer and instead of the usual Windows icon loading, you get a flashing red and white screen with a skull-and-crossbones instead.”
Bibtex
@misc{2016BFR4908,
  editor = {TrendLabs Security Intelligence Blog},
  author = {Jasen Sumalapao},
  title = {PETYA crypto-ransomware overwrites MBR to lock users out of their computers},
  date = {25},
  month = Mar,
  year = {2016},
  howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/petya-crypto-ransomware-overwrites-mbr-lock-users-computers/}},
}