New Ransomware Targeting HR Departments & Locking Data

Foot Shape
Foot Shape

Download your



Top Imgs

Just Send Us your Email. That’s It.


Businesses need to take notice – Ransomware is a pervasive threat that is only continuing to grow more dangerous and complex.


Case in point: malware experts in Germany have discovered a new type of lock-ransomware that uses a lock screen to prevent victims from accessing their files.

Also referred to as lockers, lock-ransomware is the first type of ransomware that was discovered before the major rise of crypto-ransomware. Instead of encrypting files, it essentially locks user’s access to data. Typically this is a desktop-level lock screen, but some strands have been known to lock up only the browser window.

A New Form of Lock-Ransomware

These days, lock-ransomware is mostly found on mobile devices and they’ve proven to be incredibly frustrating. Now, however, German security firm G DATA has discovered a new strand of lock-ransomware known as Petya.

Petya has been spread using spear-phishing campaigns aimed at human resource departments. It works like this: HR employees receive an Email with a link to a file stored on Dropbox, where an applicant’s CV can be downloaded. This file is an EXE file named portfolio-packed.exe, which if executed, immediately crashes the system into a standard Windows blue screen of death.

As soon as the user restarts their computer, it will enter a fake disk check process that, once completed, will load Petya’s lock screen. Restarting the computer over and over will always result in the same action. The screen provides a link to the ransomware’s payment site, hosted on Tor. After the user purchases a decryption key, he can enter it at the bottom of the lock screen. Petya holds data ransom for about $400.

G DATA is currently still analyzing this new type of ransomware and has not yet discovered a method to get around this screen and boot the OS.

For more of the latest IT security news and updates, reach out to the team of experts at IT-Simplified. Contact us at or (866) 338-5289 to learn more.

Contact IT-Simplified Now!

Real Time Analytics