New ransomware makes HDD inaccessible by overwriting Master Boot Record


#1

We’ve just posted the following news: New ransomware makes HDD inaccessible by overwriting Master Boot Record[newsimage]http://www.myce.com/wp-content/images_posts/2016/03/petya_figure1-95x75.jpg[/newsimage]

Security researchers have found a new type of ransomware that doesn’t encrypt specific files but makes the entire HDD inaccessible. The malware has been named Petya and targets mainly companies.

Read the full article here: [http://www.myce.com/news/new-ransomware-makes-hdd-inaccessible-overwriting-master-boot-record-78970/](http://www.myce.com/news/new-ransomware-makes-hdd-inaccessible-overwriting-master-boot-record-78970/)

Please note that the reactions from the complete site will be synched below.

#2

Probable fix: FixMBR/FixBoot?

Whatever, with the IT security picture we have today with rapidly spreading rootkits/malware/ransomware, there’s nothing to beat a good backup routine, meaning you should only lose today’s work at the most…

We may say that it should not be like that and most if not all would agree with us, but fact is it is and so we have to protect ourselves the best way that we can. Do so by backing up to an external USB device every night and disconnect it during daytime… :flower:


#3

[QUOTE=Xercus;2770857]Do so by backing up to an external USB device every night and disconnect it during daytime… :flower:[/QUOTE]

I’m a lazy *ss, so I do that only once a week… OS imaging… :bigsmile:


#4

Heh.

This sounds like the sort of dumb simple “viruses” I used to write when I was younger.

Really dumb simple stuff like a program that plays a silly ASCII animation while formatting the hard drive at the same time. :wink:


#5

[QUOTE=roadworker;2770859]I’m a lazy *ss, so I do that only once a week… OS imaging… :bigsmile:[/QUOTE]

I’m no lazy *ss in this game, still the weekly schedule applies to me as well, but the user folder hierarchy resides on a different drive and that is backed up every night as well as the complete registry. In other words, once a week is overkill and I could have chosen a monthly schedule.
For the average user though, a nightly image may be the easiest method :wink:


#6

[QUOTE=Xercus;2770863]I’m no lazy *ss in this game, still the weekly schedule applies to me as well, but the user folder hierarchy resides on a different drive and that is backed up every night as well as the complete registry. In other words, once a week is overkill and I could have chosen a monthly schedule.
For the average user though, a nightly image may be the easiest method ;)[/QUOTE]

I usually made new backup operating system discs about once a year or so, in case there were problems.

Though by the time there were problems, typically it was 4 or 5+ years later. By then, it was easier to just buy a new computer instead of salvaging the old machine.

In terms of personal files, about a decade ago I largely gave up on regularly backing up my files. By then, I only really backed up files which I was currently working on. After I was finished with them, I largely didn’t care anymore.

But if a file is important enough to me, I usually printed it out.


#7

[QUOTE=jcroy;2770864]I usually made new backup operating system discs about once a year or so, in case there were problems.

Though by the time there were problems, typically it was 4 or 5+ years later. By then, it was easier to just buy a new computer instead of salvaging the old machine.

In terms of personal files, about a decade ago I largely gave up on regularly backing up my files. By then, I only really backed up files which I was currently working on. After I was finished with them, I largely didn’t care anymore.

But if a file is important enough to me, I usually printed it out.[/QUOTE]

A hardcopy of a file is of course a good thing, but maybe not very flexible in case you want to revisit a project.
Unless need be, I usually move my operating system to a new computer, but avoid copying hardware-setup, aka ‘Universal Restore’.
My main computer started as Windows 7, upgraded to 8, then 8.1 and is currently Windows 10.
I have way too many programs on it and so it is a drag spending at least three months before it all is back. Currently running on the third hardware, with no other than the usual Microsoft ‘bug-errors’ :slight_smile:

I used XP while Vista was around, and so it became natural with a fresh install for Windows 7; lazy as I am when it comes to installing and finding old utilities, more than half a year went by before I could do everything without having to install or find files first. Of course, if I had only a few ordinary installs, I would choose to do a fresh install, but as it is, I would rather have a backup in case a virus hits. Even though I protect myself any way possible, I will always be vulnerable unless I do as coolcolors often suggests: disconnect from the net :flower:


#8

I highly doubt this would happen if they used the Limited user account available since Vista, as it would require the Owner or Admin login account to work in the first place. This is what a lot of computer users forget: the Owner account is almost like the Admin account. They should first create a password-protected Owner/Admin account and then create a limited user account, so should that one fail they can use the Owner or Admin account to clear the account and remove the ransomware. This is what people always forget.


#9

[QUOTE=coolcolors;2770887]I highly doubt this would happen if they used the Limited user account available since Vista, as it would require the Owner or Admin login account to work in the first place. This is what a lot of computer users forget: the Owner account is almost like the Admin account. They should first create a password-protected Owner/Admin account and then create a limited user account, so should that one fail they can use the Owner or Admin account to clear the account and remove the ransomware. This is what people always forget.[/QUOTE]

Of course they don’t; surfing dubious sites with full admin rights is a must, preferably without any firewall or AV protection… and they will never understand how come they got infected, no matter how many times.

On a serious note, a great deal of trouble could have been avoided if people would use a limited account for their day-to-day work and log on to the admin account only for updates and, as you say, if necessary to remove malware.
It is as you mentioned earlier, no matter how much we scream, bang pots and pans, roll empty barrels on a brick road, make whatever noise, these folks seem to never learn. :confused:

I am convinced however, that we should participate and never give up on spreading the message to the ignorant in threads like this.
If we can make only a few of them see the light, it will be worth it. :flower:


#10

[QUOTE=Xercus;2770857]Probable fix: FixMBR/FixBoot?
[/QUOTE]
Just what I was thinking - boot off a Windows installation disc and use FixMBR in the recovery environment. Or one of many 3rd party tools.

If all they are doing is erasing the MBR then this isn’t anything new, just some numpty who doesn’t have the skills to write encryption code trying to jump on the ransomware bandwagon. :iagree:

[QUOTE=Xercus;2770857]
Whatever, with the IT security picture we have today with rapidly spreading rootkits/malware/ransomware, there’s nothing to beat a good backup routine, meaning you should only lose today’s work at the most…

We may say that it should not be like that and most if not all would agree with us, but fact is it is and so we have to protect ourselves the best way that we can. Do so by backing up to an external USB device every night and disconnect it during daytime… :flower:[/QUOTE]
:iagree::iagree:

The only thing I would add is the importance of archiving any important static data to a good write-once medium. Not only for extra security, but a good archival regime can dramatically reduce the volume of data which needs backing up (& thus the effort involved). :iagree:

I always advocate a three level approach: [ol]
[li]Organise & archive [I]everything[/I] which may need keeping medium- or long-term to a good write-once medium.[/li][li]Periodically image your whole system drive(s). Keep a couple of previous versions. (I also semi-archive these occasionally to BD-RE.)[/li][li]Identify & back up current work [I]frequently[/I] using a method which preserves old versions (in case of corruption & human error). If working on something important, frequently could mean several times an hour. (Learnt these last lessons a long time ago, while trying to do homework/coursework on an Amstrad PC2386 running Windows 3.0.)[/li][/ol]


#11

I back up all personal files, configuration files for certain applications and game saves for certain games to blank write-once media periodically, with a date on it, the number of discs in the backup, and whether it was a quick one (new stuff or small changes only) or a mass one (everything personal and important). The worst ransomware could do is steal personal information or cause me a headache with extended downtime with my computer.

Reinstalling Windows can be a chore, certainly… But I’m experienced enough in dealing with it.


#13

I do wonder: how much of the MBR is overwritten? Is the partition table erased, or does the malware only change the boot code? If the partition table is unchanged, does that mean one could simply re-create the BOOTMGR boot code? Or, are the partitions themselves lost?

Also, does this affect systems with a GPT? If not, does that mean there’s no real danger to Windows 8(.1) or 10 users, since these versions are usually installed on GPT-formatted drives?

I almost wish I could get a copy of this malware, so that I could execute it on a test VM. Then, I could see how harmful this malware actually is.
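The question in the post above (boot code only, or partition table too?) can be answered from a single 512-byte read of sector 0, without running the sample. The script below is an added example written for this thread; it is not from the original post, from the article, or from any Petya sample, and the sector images it checks are constructed in the code (a placeholder byte pattern stands in for real loader code). It compares a suspect MBR with a copy taken while the disk was healthy, reports which of the four regions changed, decodes the partition entries, and flags the 0xEE protective entry that a GPT disk keeps at LBA 0.

```python
"""Triage of a 512-byte MBR sector against a known-good copy.

Added example for the thread above. The sample sectors below are constructed
here for illustration; none of them come from a real disk or from the malware.
"""
import struct
from dataclasses import dataclass

SECTOR = 512
# Classic MBR layout, byte offsets. Legacy BIOS jumps to offset 0; the four
# 16-byte partition entries and the 0x55AA signature sit at the end.
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 446),   # NT disk ID + 2 reserved bytes
    "partition_table": (446, 510),
    "boot_signature": (510, 512),   # must read 55 AA
}
GPT_PROTECTIVE = 0xEE   # type ID of the single entry a GPT disk keeps here


@dataclass(frozen=True)
class Partition:
    active: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def empty(self) -> bool:
        return self.type_id == 0 and self.sector_count == 0


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four primary partition entries starting at offset 446."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, count
        lba_start, count = struct.unpack_from("<II", mbr, off + 8)
        entries.append(Partition(mbr[off] == 0x80, mbr[off + 4], lba_start, count))
    return entries


def is_gpt_protective(mbr: bytes) -> bool:
    """True for the protective MBR of a GPT disk (real layout lives at LBA 1)."""
    return any(p.type_id == GPT_PROTECTIVE for p in parse_partitions(mbr))


def changed_regions(known_good: bytes, suspect: bytes) -> list[str]:
    """Names of the MBR regions whose bytes differ between the two sectors."""
    if len(known_good) != SECTOR or len(suspect) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    return [name for name, (a, b) in REGIONS.items() if known_good[a:b] != suspect[a:b]]


def triage(known_good: bytes, suspect: bytes) -> str:
    """Was only the boot code replaced, or is the partition table gone too?"""
    changed = changed_regions(known_good, suspect)
    if not changed:
        return "intact"
    if "partition_table" not in changed and suspect[510:512] == b"\x55\xaa":
        return "boot code replaced, partition table intact"
    if all(p.empty for p in parse_partitions(suspect)):
        return "partition table wiped"
    return "partition table modified"


def build_mbr(boot_code: bytes, partitions: list[Partition], disk_id: int = 0x1234ABCD) -> bytes:
    """Assemble a sector from parts; only used to construct the samples below."""
    if len(boot_code) > 440 or len(partitions) > 4:
        raise ValueError("boot code is at most 440 bytes, table holds 4 entries")
    sector = bytearray(SECTOR)
    sector[: len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, disk_id)
    for i, p in enumerate(partitions):
        off = 446 + 16 * i
        sector[off] = 0x80 if p.active else 0x00
        sector[off + 4] = p.type_id
        struct.pack_into("<II", sector, off + 8, p.lba_start, p.sector_count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples. The "boot code" is a placeholder pattern, not a real loader.
PLACEHOLDER_LOADER = b"\x33\xC0" + b"\x90" * 438
FOREIGN_LOADER = b"\xEB\xFE" + b"\x00" * 438
NTFS_SYSTEM = [Partition(True, 0x07, 2048, 1_048_576)]

KNOWN_GOOD = build_mbr(PLACEHOLDER_LOADER, NTFS_SYSTEM)
CODE_ONLY = build_mbr(FOREIGN_LOADER, NTFS_SYSTEM)        # loader swapped, table untouched
TABLE_EDITED = build_mbr(PLACEHOLDER_LOADER, [Partition(True, 0x07, 2048, 16)])
ALL_ZERO = bytes(SECTOR)                                   # whole sector wiped
GPT_DISK = build_mbr(PLACEHOLDER_LOADER, [Partition(False, GPT_PROTECTIVE, 1, 0xFFFFFFFF)])

if __name__ == "__main__":
    for name, sample in [("code only", CODE_ONLY), ("table edited", TABLE_EDITED), ("zeroed", ALL_ZERO)]:
        print(f"{name:13s}: {changed_regions(KNOWN_GOOD, sample)} -> {triage(KNOWN_GOOD, sample)}")
    print("GPT protective MBR:", is_gpt_protective(GPT_DISK))
```

On a real machine the two inputs come from sector 0: on Linux `dd if=/dev/sda of=mbr.bin bs=512 count=1` reads it, and a copy taken while the disk was healthy can be written back the same way, which is the cheapest possible backup to add to the routines discussed above. The FixMBR suggestion earlier in the thread (`bootrec /fixmbr` in the Windows recovery environment) rewrites only the boot code and leaves the partition table alone, so it addresses the first verdict and not the other two. Two caveats: run the check from a clean boot medium, not from the suspect system, and note that an intact partition table only tells you where the partitions are; it says nothing about whether the filesystem metadata inside them is still readable.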


#14

I would say the best method of backup is real simple: just use a USB connected hard drive and back up the important files to it (or perhaps a USB memory). Always keep a backup of the most important data offline.

Then you are pretty safe if something was to go wrong, plus it is easy enough to actually keep people doing backups, replacing files, updating the backup.

Too advanced backup systems or routines often get forgotten about after a while.

Doing permanent backup on optical media is great but that is rare, most people do not do that, but they should.