Security-X

Forum Security-X => Sécurité Générale => Malwares => Discussion démarrée par: chantal11 le mai 22, 2016, 08:39:38

Titre: [BC] Petya is back and with a friend named Mischa Ransomware
Posté par: chantal11 le mai 22, 2016, 08:39:38

Bonjour,

Une fiche BleepingComputer sur le ransomware Petya / Mischa

Petya is back and with a friend named Mischa Ransomware (http://www.bleepingcomputer.com/news/security/petya-is-back-and-with-a-friend-named-mischa-ransomware/)

Citer

A new installer for Petya was released that also installs the Mischa Ransomware if it is unable to gain Administrative privileges.  In the past, when Petya was installed it requested Administrative privileges so that it could modify the master boot record. If it was unable to gain these privs, the installer would not do anything to the computer.  This has all changed, though, as now if the installer is unable to gain the required privs, it will instead install the Mischa Ransomware instead.


Unfortunately, at this time there is no way to recover your files for free, but it is always suggested that you attempt to use Shadow Explorer to see if your Shadow Volume Copies are intact. These can then possibly be used to restore older versions of the encrypted files. You can find information on how to do this in the Locky Information guide: http://www.bleepingcomputer.com/virus-removal/locky-ransomware-information-help#shadow.

Titre: Re : [BC] Petya is back and with a friend named Mischa Ransomware
Posté par: chantal11 le mai 22, 2016, 08:41:25

Une autre fiche sur ce ransomware Petya / Mischa

The Petya and Mischa Ransomware are part of a new Affiliate Service (http://www.bleepingcomputer.com/news/security/the-petya-and-mischa-ransomwares-part-of-a-new-affiliate-service/)