Petya Ransomware infects MBR

Discussion in 'malware problems & news' started by stapp, Mar 26, 2016.

  1. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Backup backup backup. The best way to defend yourself against stuff like this...
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Easter

    Oh yes indeed.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Deja vu :eek:
     
  4. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    Common sense is best protection against Petya:

    Don't open e-mails from people you don't know and don't click on any link that looks suspicious!

    When in doubt, delete, delete, delete.
     
  5. guest

    guest Guest

    or just use Shadow Defender :D
     
  6. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,793
    Location:
    .
    Sandboxie actually can contain it successfully. It can't escape SBIE's robust containment whatsoever; I already tested it. But Shadow Defender is advisable to protect your PC system-wide or the volume/partition of your choice.
     
  7. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    SBIE may be feasible to use in a home environment; it's not practical to use in any production environment at work.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Why? If a browser is used to access the internet, SBIE is vital. More so in a production environment.
     
  9. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Maybe my statement was not clear. I meant to say office computers in companies/universities, not consumer PCs.
    In enterprise PCs: 1. employees of most industry/academia units are too lazy to be trained to use this kind of software on their office computers; 2. most enterprises have established SRP/AppLocker policies enforced that only run whitelisted apps on employees' computers; 3. on work computers, employees are on LUA and basically don't have high enough user privileges to install any software/scripts, so their computers are already locked down and this malware could not really do any harm.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Actually, according to Invincea, more and more Sandboxie is reaching into companies. When a CEO says learn something, people, if they want their jobs, get unlazy. Also, based on the number of hacks, etc. on major companies and government agencies, they aren't doing that well in stopping malware.
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,935
    Location:
    UK
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    @stapp Thank you for sharing.

    Here's the direct link to the Password Generator and recovery article: http://www.bleepingcomputer.com/new...ion-defeated-and-password-generator-released/

    I am always amazed to see the collaborative effort between security researchers for the good of everyone. There's leostone (https://twitter.com/leo_and_stone), who did the brilliant mathematical work, and Fabian Wosar, who we all know and respect, who created the tool to make it easier on the end users to capture and copy the correct bytes from the hard drive, making it something that ordinary users could accomplish. That kind of collaborative effort between security researchers put a smile on my face, indeed. It's great to see many other security researchers as well giving some of their spare time to help stop many of these recent ransomware variants by trying to defeat the crypto, or by finding other weaknesses in implementation, then releasing decryption tools to help free these users from these criminal organizations. :thumb:
     
    Last edited: Apr 11, 2016
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Florian Wosar or Fabian Wosar
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    :thumb: Guy has done more than anyone I know of towards developing decrypts for ransomware.
     
  15. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    A keygen for a ransomware key, that is pretty cool. Hail to the power of reversing. I did find this piece of malware to be pretty lame all in all and the fact that it has been completely reversed in such a short time confirms it. There are much nastier ones out there to worry about.
     
  16. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Is he the same guy who works on Emsisoft Anti-Malware?
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Yes.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    His name is Fabian Wosar
     
  19. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    My apologies, it has been a long day. I've corrected his name. :)
     
  20. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982