Petya Ransomware Just Got Worse
May 2016
As if encrypting your files wasn’t enough, Petya ransomware is now going the extra mile to ensure your files are locked. Normally, for Petya to infect a computer, it needs to obtain administrator privileges. However, the Petya creators have updated the ransomware to activate Mischa, another form of ransomware, if administrator rights are not granted.
According to Neowin, Mischa encrypts several file extensions, including .exe files. By encrypting the .exe files, Mischa goes the extra mile to ensure a user cannot run any executable files. The ransom demand associated with Mischa is reported to be 1.93 bitcoins, or $875 USD.
Eldon Sprickerhoff, founder and chief security strategist at eSentire, says, “Malware evolution seems to be as rapid and cutthroat as any jungle environment, where survival and propagation go hand-in-hand. Authors have frequently co-opted functionality from different malware strains into the next generation of code - regularly sampling the efficacy and profitability of each generation.” Mark McArdle, eSentire’s CTO, added, “Malware authors have recognized that designing robust software that blackmails users by holding their data captive is the most lucrative thing to happen for them since Google monetized the click. Traditional approaches to preventing ransomware are failing because the bad guys are innovating faster than the good guys can create signatures.”
Dodi Glenn, VP of cyber security at PC Pitstop, says, “The first version of Petya was intense, wreaking all kinds of havoc once a PC became infected, including encrypting files and locking up the hard drive. However, in order for Petya to worm its way into your system, you needed to allow it administrator rights through the UAC security feature. Now with Mischa, you’re damned if you do, damned if you don’t.” Stu Sjouwerman, founder and CEO of KnowBe4, says, “This is the first time that this type of malware comes with a double-barrel ransomware attack. It also uses innovative social engineering to trick the end user into opening a PDF resume, for example. Employees in human resources and accounting are high-risk groups that need to be taken through effective security awareness training, which includes frequent simulated phishing attacks.”