The author of the Petya-Mischa ransomware combo has returned with a new version that uses the name GoldenEye Ransomware, continuing the malware's James Bond theme.
Being infected with ransomware is scary enough, but there are certain ones that my kids and others helped me pick out that they think are downright creepy. So as a little Halloween treat, I have put this article together to showcase what I, and others, consider the creepiest ransomware infections.
Cisco Talos has released a Windows disk filter driver called MBRFilter that listens for programs trying to modify the Master Boot Record and blocks them. This effectively blocks these types of ransomware from being installed and encrypting the MBR.
This week we have leaked keys, analysis of a new family, 1 new ransomware variant, 3 new ransomware infections, and 1 new ransomware decryptor. It was a big week for the Petya and Mischa devs as they opened their Ransomware as a Service to the public and leaked 3,500 decryption keys for the Chimera Ransomware.
Today, the Petya and Mischa Ransomware devs have made their Ransomware as a Service, or RaaS, open to the public. For the past few months, the Petya & Mischa RaaS has been in testing with a limited number of supposedly high-volume distributors. As of today, any would-be criminal can sign up and become an official distributor.
The devs behind the Mischa and Petya ransomware have leaked approximately 3500 RSA decryption keys for the Chimera Ransomware. These keys are in hex format, but can be converted back to their normal format and used within a decryptor by a security company or professional.
This week we have 3 new ransomware variants, 2 new ransomware infections, and 4 new ransomware decryptors. Stampado finally popped its head out of its hole, but was quickly squashed and a slew of new decryptors were released. Overall, a good week for the good guys.
A new version of the Petya disk-encrypting ransomware has been released that fixes a bug in its encryption algorithm. This bug used to be exploited, but with the implementation fixed, the weakness may no longer be exploitable.
The developers behind the Petya and Mischa Ransomware infections have also released a Ransomware as a Service portal. This service allows malware distributors to earn a revenue share by distributing the Petya ransomware installers.
In order to stop leaving money on the table, the developers of Petya have bundled an extra ransomware called Mischa into the installer. Mischa is used as a backup ransomware infection in the event that Petya is unable to be installed due to a lack of privileges.
A method to decrypt hard drives encrypted by the Petya Ransomware has been discovered. Using a special site and tools, it is now possible to extract data from the encrypted drive that can then be used to create the password required to decrypt it.
Instead of targeting your files, the Petya ransomware goes for it all by encrypting the Master File Table on a victim's drive. This prevents any files, including Windows, from being accessible until a victim pays the ransom.