The new ransomware (Petya) attack, currently hitting a large number of countries around the world, such as Ukraine, the UK, India, the Netherlands, Spain, Denmark, and many others. The new ransomware uses the contact details of wowsmith123456@posteo.net and demands for a payment of $300 in Bitcoin.
The malware is spreading quickly using the same Windows SMBv1 vulnerability that the WannaCry ransomware used to attack about 300,000 devices around the world.
Actually, Petya is different, the malware doesn’t encrypt or lock files on a targeted system one by one. Petya reboots targets devices and encrypts/locks the hard drive’s master file table (MFT), which is a database in which information about every file and directory on an NT File System (NTFS) volume is stored.
The malware then rendering the master boot record (MBR) inoperable, limiting access to the entire system by grabbing information about file names, sizes, and location on the physical hard disk. Then replaces the device’s master boot record (MBR) with the malware malicious code that represents the ransom note and leaves devices unable to boot.
The ransomware note says:
“If you see this text, then your files are no longer accessible, because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”