Do NOT open any suspicious job application in your mailbox. It could be the Petya ransomware, recently discovered by security firm Trend Micro. Petya is a new malicious program that overwrites the MBR (Master Boot Record) of your PC, leaves it unbootable, and also prevents restarting the PC in Safe Mode.
Petya reportedly spreads via email: targets receive a message disguised as a job application. The malicious email contains a cloaked hyperlink that claims to download the applicant’s CV from a specific Dropbox location.
This purported Dropbox folder contains a self-extracting executable file and a photo of the applicant. The so-called CV, which is actually the self-extracting executable, silently installs a Trojan on your system, which in turn executes the Petya ransomware. Like any other ransomware, this program can also easily blind any of your antivirus software.
Once installed, this program overwrites the Master Boot Record of your entire hard drive and causes a sudden Windows crash. The modified MBR doesn’t let the user reboot the PC and instead displays a red and white ASCII skull along with a ransom message and a deadline, saying,
“You became a victim of Petya Ransomware”
It demands a certain amount of bitcoins in exchange for the decryption key.
According to the report released by Trend Micro, the ransom is currently $431, which is equal to 0.99 Bitcoins. Furthermore, the attackers warn that the ransom will be doubled if the user misses the deadline shown on screen. The updated report, however, states that the malicious files hosted on Dropbox and the links to them have been removed.
If you are seeing a flashing red and white skull and crossbones screen instead of your usual Windows icon, your PC is sadly infected with this nasty ransomware.
UPDATE: The Petya ransomware decrypt tool & password generator is now available for download.