
'PETYA' "chkdsk" Ransomware that encrypts file allocation tables. (Defeated!)

Elixer

Lifer
[attached image: fake-chkdsk.jpg]

When first installed, the Petya Ransomware will replace the boot drive's existing Master Boot Record, or MBR, with a malicious loader. The MBR is information placed at the very beginning of a hard drive that tells the computer how it should boot the operating system. It will then cause Windows to reboot in order to execute the new malicious ransomware loader, which will display a screen pretending to be CHKDSK. During this fake CHKDSK stage, Petya will encrypt the Master File Table on the drive. Once the MFT is corrupted, or encrypted in this case, the computer does not know where files are located, or if they even exist, and thus they are not accessible.

http://www.bleepingcomputer.com/new...e-files-and-encrypts-your-hard-drive-instead/

You could in theory find stuff with recovery programs, but the actual names and dates and all that would be gone.

People need to stop paying these idiots; that is the main reason these are spreading like wildfire.

BTW, in talking about this with a few friends: since they are all financed via bitcoins and the like, and those places accept credit cards, why aren't people reversing the charges AFTER they get the encryption key?
Heck, it seems some ransomware doesn't even send back a valid key, even if you do pay them: http://www.bleepingcomputer.com/new...verton-ransomware-may-not-get-your-data-back/


Decrypt program now available!
http://www.bleepingcomputer.com/new...ion-defeated-and-password-generator-released/
 
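Since the post above describes Petya replacing the first sector of the boot drive, here is an added example (mine, not from the original post or from BleepingComputer) of the defender-side check that follows from it: parse a 512-byte MBR, confirm the 0x55AA boot signature, list the partition table, and compare a SHA-256 of the 446-byte boot-code region against a known-good baseline taken when the machine was clean. The sample sectors are constructed inline so the script runs offline; the hypothetical `read_first_sector` helper shows where a real drive path (for example a raw physical-drive device, which needs administrator rights) would be supplied.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot code (what a bootkit replaces)
PART_TABLE_OFF = 446          # four 16-byte partition entries follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of every valid MBR
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Constructed test sector with a valid MBR layout (not a real disk image)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Return signature status, boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_boot_code_sha256: str) -> list:
    """List findings; an empty list means the sector matches the clean baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline (possible MBR replacement)")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


def read_first_sector(device_path: str) -> bytes:
    """Hypothetical helper: read sector 0 from a raw device path supplied by the caller."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Constructed boot-code stubs: the bytes are placeholders, not real loader code.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
TAMPERED_BOOT_CODE = b"\xeb\x1e\x90\x00" + b"\x41" * 40
NTFS_SYSTEM_PARTITION = [(0x80, 0x07, 2048, 204800)]  # active NTFS volume at LBA 2048

CLEAN_SECTOR = build_sample_mbr(CLEAN_BOOT_CODE, NTFS_SYSTEM_PARTITION)
TAMPERED_SECTOR = build_sample_mbr(TAMPERED_BOOT_CODE, NTFS_SYSTEM_PARTITION)
# The baseline is recorded once from the known-clean sector and kept off the machine.
BASELINE_HASH = parse_mbr(CLEAN_SECTOR)["boot_code_sha256"]

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_SECTOR, BASELINE_HASH))
    print("tampered:", check_mbr(TAMPERED_SECTOR, BASELINE_HASH))
```

The partition table and signature survive an MBR overwrite in the common case, so the boot-code hash comparison is the check that actually catches a replaced loader; a mismatch is a reason to boot from trusted media and restore the sector from backup rather than let the machine reboot into whatever now lives there.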
Kind of like MS's chkdsk. Put a GNU/Linux drive on a Windows machine, it offers to "fix" it for you so it never works again :^D
 
What if I infect that darknet website with my own malware that will infect their computers and give me their real IP? Not possible?
 
What if I infect that darknet website with my own malware that will infect their computers and give me their real IP? Not possible?

You can bet they aren't using their real IP, more like 5-10+ layers of proxies between them.

However, in theory, if you seed multiple servers and have exit servers of your own on the Tor network, you could piece together enough information to at least see which proxies they are using.
This is how they caught the child porn idiots, who thought hiding behind Tor was a shield.
 