Businesses need to take notice: ransomware is a pervasive threat that continues to grow more dangerous and complex.
Case in point: malware experts in Germany have discovered a new type of lock-ransomware that uses a lock screen to prevent victims from accessing their files.
Also referred to as lockers, lock-ransomware was the first type of ransomware to be discovered, before the major rise of crypto-ransomware. Instead of encrypting files, it locks the user out of their data. Typically this is a desktop-level lock screen, but some strains have been known to lock up only the browser window.
A New Form of Lock-Ransomware
These days, lock-ransomware is mostly found on mobile devices, where it has proven to be incredibly frustrating. Now, however, German security firm G DATA has discovered a new strain of lock-ransomware known as Petya.
Petya has been spread using spear-phishing campaigns aimed at human resources departments. It works like this: HR employees receive an email with a link to a file stored on Dropbox, where an applicant’s CV can supposedly be downloaded. The file is actually an EXE named portfolio-packed.exe, which, if executed, immediately crashes the system into a standard Windows blue screen of death.
As soon as the user restarts the computer, it enters a fake disk check process that, once completed, loads Petya’s lock screen. Restarting the computer again always produces the same result. The screen provides a link to the ransomware’s payment site, hosted on Tor. After purchasing a decryption key, the user can enter it at the bottom of the lock screen. Petya’s ransom is about $400.
G DATA is currently still analyzing this new type of ransomware and has not yet discovered a method to get around this screen and boot the OS.
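Because no way around the lock screen is known yet, the download itself is the point where this chain can be stopped. The following is an added example, not code from G DATA or the original article: a gateway-style check that judges a download by its first bytes rather than its name. The extension lists, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import os
import struct

# Assumed policy lists (not from the article): what a recruiting inbox should
# receive versus file types that run as programs on Windows.
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".rtf", ".odt"}
PROGRAM_EXT = {".exe", ".scr", ".com", ".pif"}


def is_pe(head: bytes) -> bool:
    """True when head is a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the PE header
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(filename: str, head: bytes) -> str:
    """Verdict for one download, judged by content first and by name second."""
    ext = os.path.splitext(filename.lower())[1]
    if is_pe(head):
        if ext in DOCUMENT_EXT:
            return "block: program content behind a document extension"
        return "block: Windows executable"
    if ext in PROGRAM_EXT:
        return "review: program extension, content not recognised"
    return "allow"


def sample_pe() -> bytes:
    """Constructed 68-byte stub: DOS header with e_lfanew = 0x40, then the PE signature."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0"


if __name__ == "__main__":
    # Constructed downloads: (file name, first bytes of the body).
    downloads = [
        ("portfolio-packed.exe", sample_pe()),   # file name given in the article
        ("applicant-cv.pdf", sample_pe()),       # same content, renamed
        ("applicant-cv.pdf", b"%PDF-1.4\n"),     # a real document header
    ]
    for name, head in downloads:
        print(f"{name:22} {triage(name, head)}")
```

In practice `head` should cover at least the first kilobyte of the file, since the PE header that `e_lfanew` points to usually sits past the 64-byte DOS header.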