App Review Petya MBR Encryption Ransomware Test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
May I ask a question? I didn't get what exactly happens before the reboot.
If the encryption starts after the reboot, would it be enough to prevent the reboot and delete the ransomware? I don't know about Petya, but, for example, Tesla 3.0 wasn't very difficult to remove; the difficult part is to decrypt.

Thank you
 
OK, got it. From Bleeping Computer:
When first installed, the Petya Ransomware will replace the boot drive's existing Master Boot Record, or MBR, with a malicious loader. The MBR is information placed at the very beginning on a hard drive that tells the computer how it should boot the operating system.
 
Dirk - When Petya is run it will establish priority loading for itself, then reboot the computer. On reboot, that Checkdisk routine you see running is fraudulent, giving time for the malware to corrupt (encrypt) the Master File Table (so it seems to things that the hard drive does not exist).

It is curious that on some German forums people have been using Recovery Console and getting to a command prompt where they are using bootrec with the usual switches (/rebuildBCD, /fixmbr, and /fixboot) and saying that the system was recovered. Now this routine presupposes that Recovery Console can actually see the corrupt Windows installation, which it cannot on every sample that I've come across, so I find these claims curious.
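Added example, not part of any post in this thread: a defender-side check that compares a 512-byte MBR sector against a known-good copy saved earlier and reports which region changed (boot code, partition table, or boot signature). The function names and the sample sectors are constructed for illustration; reading sector 0 from a real disk needs administrator rights and is not shown.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446            # bootstrap code area of a classic MBR
BOOT_SIG = b"\x55\xaa"         # last two bytes of a valid MBR

def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, partition entries, signature."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, BOOT_CODE_LEN + 16 * i)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "sig_ok": sector[510:] == BOOT_SIG}

def diff_mbr(baseline, current):
    """Return the list of MBR regions that differ from the known-good baseline."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["boot_sha256"] != new["boot_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    if not new["sig_ok"]:
        findings.append("boot signature missing")
    return findings

def make_sample(boot_fill):
    """Constructed test sector: filler boot code plus one active NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes([boot_fill]) * BOOT_CODE_LEN + entry + bytes(48) + BOOT_SIG

if __name__ == "__main__":
    good = make_sample(0x90)       # constructed baseline
    replaced = make_sample(0xCC)   # constructed: same table, different loader
    print(diff_mbr(good, good))
    print(diff_mbr(good, replaced))
```

A saved baseline only helps if it was captured before infection and stored off the boot drive.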