Petya Ransomware

Be careful opening any email, even from people you know. Make sure your computer is backed up and that your operating system has all the latest updates. Run an anti-virus product and consider MalwareBytes as well; in 2017 you cannot be too safe.

Behavioral analysis

This ransomware is delivered via scam emails themed as a job application. The e-mail carries a Dropbox link where the malicious ZIP is hosted. This initial ZIP contains two elements:

  • a photo of a young man, purporting to be the applicant (in fact a publicly available stock image)
  • an executable pretending to be a CV, packaged as a self-extracting archive or posing as a PDF (in fact a malicious dropper in the form of a 32-bit PE file):

[image: petya_exe]

In order to execute its harmful features, it needs to run with administrator privileges. However, it does not even try to deploy any User Account Control (UAC) bypass technique; it relies fully on social engineering to get the victim to approve the elevation prompt.
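The lure described above (a ZIP holding a stock photo plus a "CV" that is really a 32-bit PE) is exactly the kind of thing a mail gateway or triage script can catch before a user ever sees the UAC prompt. The following is an added example, not code from the original analysis: it parses the ZIP in memory, walks the MZ/PE header to confirm a member is a Windows executable and read its Machine field, and flags document-like names with executable payloads or double extensions. The keyword and extension lists, the sample ZIP, and the header-only stand-in for the dropper are all constructed for this example.

```python
"""Triage a job-application ZIP for executables disguised as a CV (added example)."""
import io
import struct
import zipfile

# Heuristic lists chosen for this example; tune them for your own environment.
DOC_WORDS = ("cv", "resume")
DOC_EXTS = (".pdf", ".doc", ".docx", ".rtf")
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
IMAGE_FILE_MACHINE_I386 = 0x14C    # 32-bit x86 PE
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64 PE


def pe_machine(data):
    """Return the COFF Machine field of a PE image, or None if data is not a PE file.
    Walks MZ header -> e_lfanew (offset 0x3C) -> 'PE\\0\\0' signature -> Machine."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def triage_member(name, data):
    """Return the list of reasons a ZIP member looks like a disguised dropper."""
    reasons = []
    lower = name.lower()
    stem, dot, ext = lower.rpartition(".")
    machine = pe_machine(data)
    if machine is not None:
        reasons.append("PE executable")
        if machine == IMAGE_FILE_MACHINE_I386:
            reasons.append("32-bit (I386)")
        elif machine == IMAGE_FILE_MACHINE_AMD64:
            reasons.append("64-bit (AMD64)")
        if not dot or "." + ext not in EXEC_EXTS:
            reasons.append("executable with non-executable extension")
        if any(word in stem for word in DOC_WORDS):
            reasons.append("named like a CV/resume")
    if dot and "." + ext in EXEC_EXTS and stem.endswith(DOC_EXTS):
        reasons.append("double extension (document name, executable suffix)")
    return reasons


def triage_zip(zip_bytes):
    """Return {member name: reasons} for every member that raised at least one flag."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            reasons = triage_member(name, zf.read(info))
            if reasons:
                flagged[name] = reasons
    return flagged


def make_fake_pe(machine):
    """Constructed stand-in for the dropper: a valid MZ/PE header and nothing else.
    It contains no code; it only exercises the header parser."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew: PE header starts at 0x40
    header += b"PE\0\0" + struct.pack("<H", machine) + bytes(18)
    return bytes(header)


def build_sample_zip():
    """Constructed sample mirroring the lure: a 'photo' JPEG and a 'CV' that is a 32-bit PE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("applicant_photo.jpg", b"\xff\xd8\xff\xe0" + bytes(16))  # JPEG magic, dummy body
        zf.writestr("CV.pdf.exe", make_fake_pe(IMAGE_FILE_MACHINE_I386))
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in triage_zip(build_sample_zip()).items():
        print(f"{member}: {', '.join(reasons)}")
```

Checking the PE signature rather than trusting the file name is the important part: a self-extracting archive is still an MZ/PE image whatever it is called, and a renamed `.exe` inside a ZIP is not subject to any attachment-type filter that looks only at the outer container.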

Petya – Taking Ransomware To The Low Level

Posted in Security News.