IT Specialist Blogs

News, Topics and Opinions on Information Technology

There is a new ransomware strain called "Satana" (the reference is clear, just take the last "a" off), which is a blend of classic file-encryption malware and the Petya strain, which locks the Master Boot Record (MBR).

This looks like a Petya copycat, but Satana also prepends its operators' email address to the name of each encrypted file, like this: "email@domain.com_filename.extension".
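One way to hunt for the renaming pattern described above, as an added example that is not from the original post or from the Malwarebytes analysis: it flags files named `<email>_<original name>` and reports an address only when several files share it. The regular expression, the `min_hits` threshold and all function names are assumptions, and the sample filenames are constructed.

```python
import os
import re
import tempfile

# Assumption: the prefix is an ordinary-looking e-mail address followed by "_",
# as in the article's "email@domain.com_filename.extension" illustration.
EMAIL_PREFIX = re.compile(
    r"^(?P<email>[A-Za-z0-9.%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})"
    r"_(?P<original>.+)$"
)

def split_prefixed(name):
    """Return (email, original_name) if the filename carries an e-mail prefix."""
    m = EMAIL_PREFIX.match(name)
    return (m.group("email").lower(), m.group("original")) if m else None

def scan(root, min_hits=3):
    """Walk root and return {email: [paths]} for prefixes seen on >= min_hits files.

    One file with an e-mail-like prefix can be benign; many files sharing the
    same prefix is the signal worth alerting on.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = split_prefixed(name)
            if parsed:
                hits.setdefault(parsed[0], []).append(os.path.join(dirpath, name))
    return {email: sorted(paths) for email, paths in hits.items()
            if len(paths) >= min_hits}

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    names = ["email@domain.com_report.docx", "email@domain.com_budget.xlsx",
             "email@domain.com_photo.jpg", "notes_2016.txt", "me@home.txt",
             "other@example.org_single.pdf"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            open(os.path.join(root, name), "w").close()
        return {email: [os.path.basename(p) for p in paths]
                for email, paths in scan(root).items()}

if __name__ == "__main__":
    for email, files in demo().items():
        print(f"{len(files)} files share prefix {email}: {files}")
```

On a real host, point `scan()` at user profile and share paths and treat any reported address as a lead for triage, not as proof of infection.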

Satana then encrypts the MBR and replaces it with its own. The first time a user reboots their workstation, Satana's MBR boot code loads, and the only thing the machine shows is Satana's ransom note in red on black (pictures at the blog link below).

Security researcher Hasherezade posted the initial discovery at Malwarebytes and stated that it might be possible to recover the original MBR. Recovering the MBR via Windows' cumbersome command-line interface is not for the faint of heart, and even if you manage it, that does not mean you can decrypt the files.

According to Hasherezade, the code looks like a work in progress, as its developers are still adding "new features". Stay tuned, this puppy is going to cause some damage when they start pumping it out.

Here's this week's ransomware roundup, covering the recent high-volume, spam-spewing Zepto strain:
https://blog.knowbe4.com/ransomware-roundup-july-2016-satana-new-mbr-/-file-encryption-strain

 
