Skip to main content
Customer Support Customer Support

Latest Petya Ransomware Strain Comes with a Failsafe: Mischa

  • May 13, 2016
  • 5 replies
  • 0 views
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54
By Michael Mimoso May 13, 2016
 
                                           



The Petya ransomware strain signaled a new escalation for crypto-malware when it surfaced in March. For the first time, ransomware went beyond encrypting files on local and shared drives and instead set its sights on locking up the Master File Table on compromised machines.

Petya did have its shortcomings and before long, researchers were able to develop a tool that recovered some files lost to infections.

The criminals behind Petya, meanwhile, have addressed another weakness where the malware would not execute if it were not granted administrative privileges in order to target the MFT. A new installer for Petya was found and disclosed on Thursday. It comes with a failsafe; if its installer is not granted the privileges it seeks, it instead installs another strain of ransomware known as Mischa.
 
Full Article
    RetiredTripleHelix
    Baldrick
    Ssherjj

    5 replies

    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • May 13, 2016
    Very nasty indeed...and this really, really puts the emphasis on having an image of one's disk rather than just having data backups, as the best solution should the unfortunate happen and this one strikes. 
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Jasper_The_Rasper
    Ssherjj
    Jasper_The_Rasper
    Moderator
    Forum|alt.badge.img+54
    An interesting article about Petya and Mischa if you are wanting to look deeper.
     
    May 19, 2016 | BY hasherezade

    After being defeated about a month ago, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie.

    They deploy attacks on different layers of the system and are used as alternatives. That’s why, we decided to dedicate more than one post to this phenomenon. Welcome to part one! The main focus of this analysis is Petya (the Green version).

    Let’s start with some background information.

    This time authors also deployed a page with information for potential clients of their Ransomware-As-A-Service:
     
                    


     
    Full Article
    Baldrick
    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • May 20, 2016
    Indeed, very interesting, Jasper...thanks. One for a more detailed look this weekend, methinks.
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Jasper_The_Rasper
    Jasper_The_Rasper
    Moderator
    Forum|alt.badge.img+54
    June 10, 2016 | BY hasherezade
     
                                             


     
    After being defeated in April, Petya comes back with new tricks. Now, not as a single ransomware, but in a bundle with another malicious payload – Mischa. Both are named after the satellites from the GoldenEye movie.
     
    They deploy attacks on different layers of the system and are used as alternatives. That’s why, we decided to dedicate more than one post to this phenomenon. Welcome to part two! The main focus of this analysis is Mischa and Setup.dll (the malicious installer that chooses which payload to deploy).
     
    Full Article
    RetiredTripleHelix
    Baldrick
    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • June 10, 2016
    Well, lets hope that as in the Bond film the good guys when in the end and destroy the Golden Eye satellites. ;)
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Jasper_The_Rasper
    Terms & ConditionsAccessibility statement