Petya Ransomware to Infect Master Boot Record

If you use a Windows PC and think you cannot become a victim of cyber fraud, you need to be careful. There is yet another piece of malware written by attackers, known as Petya Ransomware. By now you are probably familiar with the nasty traits of ransomware and the strategies it uses to claim victims. Petya is another recently written piece of malware that encrypts files. However, its course of action is different: it targets the master boot file and records that are an integral part of Windows. One thing is certain: if Petya Ransomware hits your PC, it will leave it devastated, because once it encrypts the MBR files the machine becomes inoperable. A brief note on the significance of the MBR, or Master Boot Record, is in order here. These files are present on the NTFS volume and are needed to identify the operating system and know its complete location. They also provide the data pertaining to file names, locations, and file sizes.

Once Petya Ransomware gets onto a PC, it drops malicious code that infects the MBR. Thereafter, whenever the PC boots, the code dropped by the ransomware is activated and locks important system files on the NTFS volume, which prevents Windows from booting. What is more, users are asked to pay a ransom of 0.9 bitcoin for the decryption keys. Because Windows cannot boot, users generally panic and prefer to pay the ransom, particularly if they do not want to lose important data stored on the system. However, paying the ransom in haste is not advised, as there is no guarantee that the files will be recovered even if the payment is made. It is therefore advisable to remove the malware from the PC.

Instead, researchers have found a way to decrypt Petya Ransomware. To use it, the startup drive must be removed from the compromised PC and connected to another PC that is working properly. The following data then needs to be extracted from the hard drive:

the base-64-encoded 512 bytes of sector 55 (0x37) with an offset of 0.
the 64-bit-encoded 8-byte nonce from sector 54 (0x36) offset 33 (0x21).
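
The extraction described above, written as an added example (not code from the researchers or from any decryption tool). It assumes 512-byte sectors and an image file taken from the removed drive; the function names are hypothetical, and emitting the nonce as Base64 text is an assumption.

```python
import base64
import io
import sys

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors

def read_at(disk, sector, offset, length):
    """Read one whole sector (aligned read), then slice the requested bytes."""
    if offset + length > SECTOR_SIZE:
        raise ValueError("requested range crosses the sector boundary")
    disk.seek(sector * SECTOR_SIZE)
    buf = disk.read(SECTOR_SIZE)
    if len(buf) != SECTOR_SIZE:
        raise ValueError(f"short read at sector {sector}: image is truncated")
    return buf[offset:offset + length]

def extract_petya_fields(disk):
    """Return the two values named above, encoded as Base64 text."""
    sector55 = read_at(disk, 55, 0x00, 512)  # 512 bytes of sector 55 (0x37)
    nonce = read_at(disk, 54, 0x21, 8)       # 8-byte nonce, sector 54 (0x36)
    return {
        "sector55": base64.b64encode(sector55).decode("ascii"),
        # assumption: the nonce is also handed over as Base64 text
        "nonce": base64.b64encode(nonce).decode("ascii"),
    }

def build_constructed_image():
    """Constructed 56-sector sample image; contents are not real Petya data."""
    image = bytearray(56 * SECTOR_SIZE)
    image[55 * SECTOR_SIZE:56 * SECTOR_SIZE] = bytes(range(256)) * 2
    start = 54 * SECTOR_SIZE + 0x21
    image[start:start + 8] = b"CONSTRCT"
    return bytes(image)

if __name__ == "__main__":
    # Pass the path of an image of the removed drive; it is opened read-only.
    # Without an argument the constructed sample image is used instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as disk:
            fields = extract_petya_fields(disk)
    else:
        fields = extract_petya_fields(io.BytesIO(build_constructed_image()))
    for name, value in fields.items():
        print(f"{name}: {value}")
```

Working from an image of the drive rather than the drive itself keeps the original sectors untouched if recovery has to be retried.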
