
Win32/Petya


First posted on 24 May 2016.
Source: Microsoft

Aliases:

There are no other names known for Win32/Petya.

Explanation:

Installation

This threat can arrive through a drive-by download with the following name:

  • Bewerbungsmappe-gepackt.exe


Payload

This ransomware overwrites the Master Boot Record (MBR) with Ransom:DOS/Petya.A and encrypts system drive sectors.

After a forced reboot, the user is locked out of the system and coerced into purchasing a key to unlock it.
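Because the payload replaces the MBR, a defender can detect the change by comparing sector 0 of the system disk with a baseline recorded while the machine was clean. The following is an added example, not code from the original entry or from Microsoft: the function names are hypothetical, the sample sectors are constructed filler bytes rather than real boot code, and it assumes a classic 512-byte MBR layout. It checks sector 0 only, not the other system drive sectors the entry mentions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440   # bytes 0..439: boot loader code
TABLE_START = 446     # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511

def parse_partitions(sector):
    """Return (type, first_lba, sector_count) for each non-empty entry."""
    entries = []
    for i in range(4):
        raw = sector[TABLE_START + 16 * i:TABLE_START + 16 * (i + 1)]
        first_lba, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # partition type 0 marks an unused slot
            entries.append((raw[4], first_lba, count))
    return entries

def make_baseline(sector):
    """Record what to compare against later; capture on a known-clean system."""
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": parse_partitions(sector)}

def check_mbr(sector, baseline):
    """Return a list of findings for a sector-0 image; empty means unchanged."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector image")
    findings = []
    if sector[510:] != SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest() != baseline["boot_sha256"]:
        findings.append("boot code differs from baseline")
    if parse_partitions(sector) != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_sample(boot_code):
    """Constructed sector: filler boot code, one type-0x07 entry, valid signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 1_000_000)
    return boot_code.ljust(TABLE_START, b"\0") + entry + b"\0" * 48 + SIGNATURE

CLEAN = build_sample(b"A" * 100)      # constructed, stands in for the original MBR
REPLACED = build_sample(b"B" * 100)   # constructed, same layout with different boot code

if __name__ == "__main__":
    baseline = make_baseline(CLEAN)
    for name, image in (("clean", CLEAN), ("replaced", REPLACED), ("zeroed", bytes(512))):
        print(name, check_mbr(image, baseline))
```

On a live system the sector image would come from a raw read of the first 512 bytes of the boot disk, which requires administrative privileges.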

A recovery notification similar to the following screenshot is displayed:





Analysis by: Jireh Sanico

Last update 24 May 2016

 
