The Petya ransomware just became a whole lot worse. The unusual ransomware that first popped up on security researchers’ radar in March now bundles a second file-encrypting program for instances in which it cannot replace a computer’s master boot record to encrypt its file table.

Petya is unusual because, instead of encrypting files directly, it encrypts the master file table and replaces the computer’s master boot record code with its own malicious code, which displays the ransom note and leaves the computer unable to boot. Typically, in order to rewrite the master boot record, the malware needs to gain administrator privileges by asking the user for access via the User Account Control (UAC) prompt in Windows.

Previously, if Petya failed to gain admin privileges, the infection routine would stop. However, the latest variant installs another ransomware program called Mischa that begins to encrypt files directly, an operation which does not require admin privileges. The ransom that Mischa currently demands is about $875 to get access back to your files.

The installer for Petya and Mischa is distributed via emails that pose as job applications. These emails contain a link to an online file storage service that hosts a picture of the alleged applicant and a malicious executable file that masquerades as a PDF document. If downloaded and executed, the fake PDF file tries to install Petya and, if that fails, installs Mischa.
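The delivery trick described above, an executable presented as a PDF, can be caught by comparing what a file's name claims with what its first bytes say. The following is an added example, not part of the original article; the extension list, the file names and the rule for what counts as "presenting as a PDF" are assumptions, and the sample files are constructed header bytes only.

```python
import os
import tempfile

# Windows PE executables start with the bytes "MZ"; real PDFs start with "%PDF-".
PE_MAGIC = b"MZ"
# Common extensions Windows runs directly on double-click (assumed subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe(path):
    """True if the file content starts with the PE/DOS 'MZ' header."""
    with open(path, "rb") as fh:
        return fh.read(2) == PE_MAGIC

def claims_pdf(filename):
    """True if the name presents the file as a PDF: a .pdf extension,
    or 'pdf' in the stem of a file with an executable extension."""
    stem, ext = os.path.splitext(filename.lower())
    return ext == ".pdf" or (ext in EXECUTABLE_EXTS and "pdf" in stem)

def find_fake_pdfs(directory):
    """List files that present as PDFs but whose content is a PE executable."""
    hits = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and claims_pdf(name) and is_pe(path):
            hits.append(name)
    return hits

def build_sample_dir():
    """Constructed sample files: header bytes only, no real malware."""
    d = tempfile.mkdtemp()
    samples = {
        "resume.pdf": b"%PDF-1.4\n",           # genuine PDF header
        "application.pdf.exe": b"MZ\x90\x00",  # double extension
        "applicationPDF.exe": b"MZ\x90\x00",   # "PDF" only in the name
        "cv.pdf": b"MZ\x90\x00",               # executable renamed to .pdf
        "setup.exe": b"MZ\x90\x00",            # honest executable, not flagged
        "photo.jpg": b"\xff\xd8\xff\xe0",      # unrelated file
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    print(find_fake_pdfs(build_sample_dir()))
```

Pointing `find_fake_pdfs` at a downloads folder or a mail-attachment quarantine directory gives a quick triage list; a name-based rule like this misses files that rely only on a PDF icon, so it complements rather than replaces antivirus scanning.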
If you think your computer has already been infected, bring it to our South Beckham location and we can diagnose it for free. Computer Repair in Tyler offers removal of spyware, malware and ransomware. However, we strongly recommend that you routinely back up your important files and data, because with ransomware there is currently no way around the ransom payment. Even when you pay the ransom, which is usually hundreds of dollars, there is no guarantee your files will be restored. When you routinely back up your data, we are able to restore from your backups and get rid of the ransomware. Read more about Computer Repair in Tyler’s virus removal here.