'PETYA' "chkdsk" Ransomware that encrypts file allocation tables. (Defeated!)

Elixer

Lifer
May 7, 2002
[image: fake-chkdsk.jpg]

When first installed, the Petya Ransomware will replace the boot drive's existing Master Boot Record, or MBR, with a malicious loader. The MBR is information placed at the very beginning of a hard drive that tells the computer how it should boot the operating system. It will then cause Windows to reboot in order to execute the new malicious ransomware loader, which will display a screen pretending to be CHKDSK. During this fake CHKDSK stage, Petya will encrypt the Master File Table on the drive. Once the MFT is corrupted, or encrypted in this case, the computer does not know where files are located, or if they even exist, and thus they are not accessible.

http://www.bleepingcomputer.com/new...e-files-and-encrypts-your-hard-drive-instead/

You could in theory find stuff with recovery programs, but the actual names and dates and all that would be gone.

People need to stop paying these idiots, that is the main reason these are spreading like wildfire.

BTW, in talking about this with a few friends: since they are all financed via bitcoins and the like, and those places accept credit cards, why aren't people reversing the charges AFTER they get the encryption key?
Heck, seems even some ransomware doesn't even send back a valid key, even if you do pay them: http://www.bleepingcomputer.com/new...verton-ransomware-may-not-get-your-data-back/


Decrypt program now available!
http://www.bleepingcomputer.com/new...ion-defeated-and-password-generator-released/
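A defender's counterpart to the behaviour described in the post above, added here as an example and not code from the thread or from BleepingComputer: Petya overwrites the first sector of the boot drive, so a baseline-and-compare check on that sector catches the change before the reboot into the fake CHKDSK screen. The script parses a 512-byte MBR into its bootstrap code, partition table and 0x55AA signature, hashes the bootstrap area, and reports any difference from a recorded baseline. The sample sectors, the "CONSTRUCTED_LOADER" bytes and the partition layout are all constructed for the demo; on a real host you would read the first 512 bytes of the raw boot device (for example `\\.\PhysicalDrive0` on Windows, which needs administrator rights) and store the baseline somewhere the host cannot modify.

```python
"""Baseline-and-compare check for MBR tampering (constructed example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 446              # bytes 0..445 hold the bootstrap code
PARTITION_TABLE_OFFSET = 446     # four 16-byte partition entries follow
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into bootstrap hash, partition entries and signature state."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    bootstrap = sector[:BOOTSTRAP_LEN]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        entry = sector[off:off + PARTITION_ENTRY_LEN]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR against a recorded baseline; return a list of findings."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing or corrupt")
    if current["bootstrap_sha256"] != baseline["bootstrap_sha256"]:
        findings.append("bootstrap code changed since baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed since baseline")
    return findings


def build_sample_mbr(bootstrap_fill: bytes) -> bytes:
    """Constructed MBR: given bootstrap bytes plus one bootable NTFS-type (0x07) partition."""
    bootstrap = bootstrap_fill.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * (PARTITION_ENTRY_LEN * 3)
    return bootstrap + table + BOOT_SIGNATURE


# Constructed "known good" bootstrap, and a constructed replacement standing in for a
# malicious loader: only the bootstrap area differs, which is what the post describes.
GOOD_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90CONSTRUCTED_LOADER")
BASELINE = parse_mbr(GOOD_MBR)


def demo() -> tuple:
    """Run the check against the clean and the tampered sample sectors."""
    return check_mbr(GOOD_MBR, BASELINE), check_mbr(TAMPERED_MBR, BASELINE)


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean disk   :", clean or "no findings")
    print("tampered disk:", tampered)
```

The bootstrap hash, not the whole sector, is what matters here: the partition table legitimately changes when volumes are resized, so comparing it separately keeps the alert specific. A bootkit-style loader that preserves the partition table and signature still trips the bootstrap check, which is the point.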

lxskllr

No Lifer
Nov 30, 2004
Kind of like MS's chkdsk. Put a GNU/Linux drive on a Windows machine, it offers to "fix" it for you so it never works again :^D
 

John Connor

Lifer
Nov 30, 2012
What if I infect that darknet website with my own malware that will infect their computers and give me their real IP? Not possible?
 

Elixer

Lifer
May 7, 2002
> What if I infect that darknet website with my own malware that will infect their computers and give me their real IP? Not possible?

You can bet they aren't using their real IP; more like 5-10+ layers of proxies between them.

However, in theory, if you seed multiple servers, and have exit servers of your own on the Tor network, you could piece together enough information to at least see which proxies they are using.
This is how they caught the child porn idiots, who thought hiding behind Tor was a shield.