Slashdot Mirror

← Back to Stories (view on slashdot.org)

Petya Ransomware Uses DOS-Level Lock Screen, Prevents OS Boot Up (softpedia.com)

Posted by BeauHD on from the forced-to-pay-up dept.

An anonymous reader writes: A new type of ransomware was discovered that crashes your PC into a BSOD, restarts your computer, and then prevents your OS from starting by altering the hard drive's master boot record (MBR). This keeps the user locked in a DOS screen that doubles as the ransomware's ransom note. The ransomware's name is Petya, and was currently seen only targeting HR departments in Germany.

9 of 155 comments (clear)

  1. Re:Oh it's another one of those by bondsbw · · Score: 4, Informative

    Sounds more like a problem where the author of the article doesn't know the difference between DOS and "not GUI".

    This changes the Master Boot Record and encrypts files while it displays the skull logo and warning message. From what I can tell, you can simply unplug your computer to stop the process of encrypting your files... the earlier you stop, the fewer files are affected.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  2. Dead serious answer by DrYak · · Score: 5, Informative

    What happens when I open it with WINE?

    The virus needs to modify the boot sequence so the next reboot starts its "fake" CHKDSK (to encrypt the disk and display a lock screen).

    Under most Unix, root-level privilege are necessary to write to a raw block device (as required to change the MBR) and as Wine is usually ran under an end-users account, it simply lacks the necessary rights to perform this action.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Dead serious answer by david_thornley · · Score: 5, Funny

      Sigh. Yet another thing WINE won't run.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    2. Re:Dead serious answer by roman_mir · · Score: 4, Funny

      How can it? Petya is a diminutive of the Russian name Petr or Peter for the English speakers. Petya is a little boy, running him on wine is illegal even in Russia ;)

      --
      You can't handle the truth.
  3. Re:Infection Vector by david_thornley · · Score: 4, Insightful

    They probably did, and the "applicant" disregarded that. Personally, I think that if you have to trim the pile of resumes/CVs, removing the ones that broke the submission rules and the ones that have serious spelling and/or grammatical mistakes is a good start.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  4. Re: Why do they say "OS"? Windows-Only! by GoodNewsJimDotCom · · Score: 4, Funny

    Black hat virus writers are a bunch of bad guys, but it would be some next level evil to turn a Macintosh computer to boot into Dos or Windows.

    --
    God spoke to me
  5. Re:Only HR departments? by ericloewe · · Score: 4, Funny

    "Ransom gang" has such a negative connotation.

    How about calling them "workplace productivity enhancement team" or "employee happiness consultancy"?

  6. Re:Okay, I lied by Anonymous Coward · · Score: 4, Funny

    But when you do, you boot from DOS XX.

  7. Re:Oh it's another one of those by U2xhc2hkb3QgU3Vja3M · · Score: 4, Funny

    Some jokes never get old.

    Other ones... get integrated into the next version of systemd.