Slashdot Mirror

← Back to Stories (view on slashdot.org)

Petya Ransomware Uses DOS-Level Lock Screen, Prevents OS Boot Up (softpedia.com)

Posted by BeauHD on from the forced-to-pay-up dept.

An anonymous reader writes: A new type of ransomware was discovered that crashes your PC into a BSOD, restarts your computer, and then prevents your OS from starting by altering the hard drive's master boot record (MBR). This keeps the user locked in a DOS screen that doubles as the ransomware's ransom note. The ransomware's name is Petya, and was currently seen only targeting HR departments in Germany.

2 of 155 comments (clear)

  1. Dead serious answer by DrYak · · Score: 5, Informative

    What happens when I open it with WINE?

    The virus needs to modify the boot sequence so the next reboot starts its "fake" CHKDSK (to encrypt the disk and display a lock screen).

    Under most Unix, root-level privilege are necessary to write to a raw block device (as required to change the MBR) and as Wine is usually ran under an end-users account, it simply lacks the necessary rights to perform this action.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Dead serious answer by david_thornley · · Score: 5, Funny

      Sigh. Yet another thing WINE won't run.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes