Slashdot Mirror

← Back to Stories (view on slashdot.org)

Petya Ransomware Uses DOS-Level Lock Screen, Prevents OS Boot Up (softpedia.com)

Posted by BeauHD on from the forced-to-pay-up dept.

An anonymous reader writes: A new type of ransomware was discovered that crashes your PC into a BSOD, restarts your computer, and then prevents your OS from starting by altering the hard drive's master boot record (MBR). This keeps the user locked in a DOS screen that doubles as the ransomware's ransom note. The ransomware's name is Petya, and was currently seen only targeting HR departments in Germany.

3 of 155 comments (clear)

  1. Only HR departments? by Bing+Tsher+E · · Score: 3, Insightful

    If we all volunteer to kick in a little to the ransom gang, is it possible we could spread it to all HR people worldwide? A world full of hamstrung HR people would allow us to all get direct-hire jobs.

  2. Re:Infection Vector by david_thornley · · Score: 4, Insightful

    They probably did, and the "applicant" disregarded that. Personally, I think that if you have to trim the pile of resumes/CVs, removing the ones that broke the submission rules and the ones that have serious spelling and/or grammatical mistakes is a good start.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  3. Re:Dead serious answer by Rutulian · · Score: 3, Insightful

    Found another article,
    http://sensorstechforum.com/re...

    After the payload file has been downloaded from a link, it will ask for elevation of privilege from the user. That file has a shield icon, so users expect the Windows User Account Control to be triggered. Unsurprisingly, they open it and give it permission, as they don’t suspect that this is a Trojan horse containing the payload for the Petya ransomware.

    This is unbelievably stupid. I know, social engineering and all, but why the f$#%k would you click ok to a UAC warning to read a CV?! Cryptolocker I could understand because it just used the current user's credentials, but there is no excuse for getting infected by this.