A new type of malware has been described, one that takes crypto-extortion to a new level. While most cryptographic ransomware variants are selective about what they encrypt—leaving the computer usable to make it easier for the victim to pay—this new entry targets the victim’s entire startup drive, encrypting the master file table (MFT).
Called Petya, the new ransomware is just the latest ransomware deliberately tailored for victims within organizations with IT support instead of a broader audience. As BleepingComputer’s Lawrence Abrams documented, Petya is currently being delivered via Dropbox links in e-mail messages targeting human resources departments at companies in Germany. The links are purported to be to an application to be installed by the HR employee.
Running the attachment throws up a Windows alert; if the user clicks to continue, Petya is inserted into the master boot record (MBR) of the victim’s computer, and the system restarts. On reboot, the malware performs a fake Windows CHKDSK, warning “One of your disks contains errors and needs to be repaired,” Petya then flashes up an ASCII skull and crossbones on a red and white screen, announcing “You became victim of the PETYA RANSOMWARE!”