
MBR-Encrypting Ransomware Petya Gets Bitdefender Vaccine

Liviu ARSENE

April 20, 2016

The Petya ransomware that has been encrypting the NTFS Master File Table has recently been analyzed by the Bitdefender research team and found to sport similarities with other ransomware families, such as Chimera and Rokku.

This information could point to the same group of cybercriminals, except this time they’ve used advanced low-level programming skills to develop the Petya strain. However, because the encryption process was flawed, our security researchers were able to reverse engineer it and come up with a vaccine that makes decryption a lot easier in case of infection. Specifically, users will be presented with the decryption key, allowing immediate decryption.

An in-depth analysis of the Petya ransomware can be found in our “Petya Ransomware Goes Low Level” whitepaper (here), and here are some of its key findings:

  • Potentially same developers as the ones behind Chimera and Rokku ransomware families;
  • Works faster – Petya doesn’t encrypt files; it encrypts the NTFS Master File Table (MFT);
  • Features its own bootloader and kernel – few ransomware families have that;
  • Reverse engineered by Bitdefender to offer a free tool that assists in decryption of the NTFS MFT (third-party tools have become available, but they’re more difficult to use).

Those who wish to avoid infection by this strain of ransomware can download the Bitdefender Petya Ransomware Vaccine.
