The Petya ransomware, a particularly vicious threat, has reared its ugly head once again; only this time, it’s not alone. Petya now comes bundled together with Mischa, another ransomware that works well alongside Petya. The ransomware is delivered via an inconspicuous email disguised as a job application, with a resume attached. Once the user downloads the file, Petya encrypts the files on the device.
The original version of Petya had a signature attack that struck the master boot record, restricting access to it until a ransom was paid through a dark web payment portal. Of course, there was no guarantee that paying up would resolve the problem, so it was entirely possible that the ransomware could add insult to injury and not decrypt the files at all. Thankfully, Petya had a weakness, and professionals were able to exploit it and find a fix for the ransomware.
Not this time, though. Petya comes with Mischa, which is a more traditional ransomware that can be just as dangerous as its counterpart. Mischa blocks access to files until the user pays a ransom. The ransomware will then link to a Tor payment site that allows the user to pay up and decrypt their files. Mischa encrypts executable files, while leaving the Windows and browser folders untouched, which provides access to files containing payment instructions for the user.
Now, here’s the problem with this development. Petya could be prevented by refusing administrator access upon downloading the installer. Here, literally, is the dilemma: selecting “yes” will download Petya, while selecting “no” will install Mischa. Either way, you get hit.
Mischa’s payment site works in largely the same way as Petya’s. Once you input the authorization code provided by the ransomware, you purchase enough Bitcoins to pay for the ransom. The current exchange rate is approximately $875 per Bitcoin, so you might be shelling out some heavy-duty cash for this. Once the user has purchased enough Bitcoins, the malware will then provide the Bitcoin address where it must be sent.
Though researchers managed to find a way around Petya, no such workaround has been found for Mischa. This is a recurring theme for ransomware, which is often so difficult to remove, that it forces large enterprises to either restore a backup of their data, or pay the ransom, rather than lose access to their files completely. As with all cases of malware, we urge you to do your research, and contact SMART Services at 586 258-0650 before caving into hackers’ demands.
As with all threats that work, Petya and Mischa have plenty of copycats out there that attempt to replicate their success. Malwarebytes has identified another two-in-one ransomware called Satana that functions in a similar way, locking the master boot record and the complete file record. In comparison to Petya and Mischa, however, Satana will run both types of ransomware, rather than just install one or the other.
Malwarebytes reports that Satana is still in development and has flaws that can be exploited, but the thought of malware continuing to develop in this sense is a bit unnerving, especially for business owners that may not devote enough time and resources to security solutions.
Let Smart Services position your agency for tomorrow’s technological challenges. For 25 years, Smart Services has helped agencies across the U.S. face a changing environment by providing innovative technology solutions that allow agencies to focus on growing their business. MyAgency Cloud, our complete cloud solution, covers all your technology needs in the cloud or at your agency. In today’s competitive environment, it’s time to make your agency technology a strategic asset, instead of a liability. Let us show you how. To learn more, please call our expert agency technology advisor at 586-258-0650.
Comments