App Review Petya MBR Encryption Ransomware Test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
D

Dirk41

Level 17
Verified
Top Poster
Mar 17, 2016
797
May I ask a question? I didn't get what exactly happens before the reboot.
If the encryption starts after the reboot, would be enough to prevent the reboot and delete the ransomware? I don't know about Petya, but, for example, tesla 3.0 wasn't much difficult to remove, the difficult part is to decrypt.

Thank you
 
  • Like
Reactions: Der.Reisende
D

Dirk41

Level 17
Verified
Top Poster
Mar 17, 2016
797
Dirk41 said:
May I ask a question? I didn't get what exactly happens before the reboot.
If the encryption starts after the reboot, would be enough to prevent the reboot and delete the ransomware? I don't know about Petya, but, for example, tesla 3.0 wasn't much difficult to remove, the difficult part is to decrypt.

Thank you
Click to expand...


OK got it: from bleepig computer:
When first installed, the Petya Ransomware will replace the boot drive's existing Master Boot Record, or MBR, with a malicious loader. The MBR is information placed at the very beginning on a hard drive that tells the computer how it should boot the operating system.
Click to expand...
 
  • Like
Reactions: Der.Reisende
cruelsister

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Dirk- When Petya is run it will establish priority loading for itself then reboot the computer. On reboot that Checkdisk routine you see running is fraudulent, giving time for the malware to corrupt (encrypt) the Master file Table (so it seems to things that the hard drive does not exist).

It is curious that on some German Forums people have been using Recovery console and getting to a command prompt where they are using bootrec with the usual switches (/rebuildBCD, /fixmbr, and /fixboot) and saying that the system was recovered. Now this routine presupposes that Recovery Console can actually see the corrupt Windows installation which it cannot on every sample that I've come across, so I find these claims curious.
 
  • Like
Reactions: Der.Reisende and Dirk41

Similar threads

NB InfoTech
    • Like
App Review Want to try? | Comodo Antivirus Test & Review | Comodo Internet Security vs Ransomware | 2024
Replies
4
Views
407
Video Reviews - Security and Privacy
bazang
bazang
L
    • Like
App Review Windows Defender Controlled Folders bypassed by ransomware
Replies
1
Views
366
Video Reviews - Security and Privacy
oldschool
oldschool
NB InfoTech
    • Like
App Review Trend Micro Maximum Security Antivirus Review | Trend Micro vs Ransomware Test | [TESTED]
Replies
1
Views
736
Video Reviews - Security and Privacy
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top