A new version of the Petya disc-encrypting ransomware has been released that fixes a bug that previously caused some weakness in its encryption algorithm. According to Hasherezade, a security analyst for Malwarebytes, prior versions of the Petya ransomware were not properly implementing the Salsa20 encryption algorithm, which was used by the ransomware to encrypt the drive and for verifying that a correct ransom key was entered.
With this new version, the Petya developer's implementation of the Salsa20 algorithm has been fixed, which removes the previously exploitable weaknesses.
hasherezade @hasherezade
new #Petya #ransomware is out, and finally they got Salsa20 implemented correctly... so, be warned and keep safe
2:39 PM - 17 Jul 2016
It appears that Petya is still pretending to be a PDF file, but it is unclear how the ransomware is being distributed or what filename it uses. Like the previous version, when installed Petya will attempt to gain administrative privileges in order to install the disc encryptor, and if it fails, will install the Mischa file-encrypting ransomware instead.
Petya Lock Screen
If Petya is still being distributed like previous versions, human resources departments, especially at German companies, should be wary of any applicants who ask them to download resumes that have a name like Bewerbungsmappe. In the past, this method was used to trick people into running the installer for Petya.