Saturday, April 2, 2016

Petya: new ransomware installs itself in the boot record and locks the hard drive

We have said it many times: ransomware is probably the malware of the moment. The reason is simple: ransomware demands a ransom for files taken hostage on the system, and probably represents the type of malicious software that gives the attacker the simplest and most direct profit possible. Once it takes root on a machine, it locks some of the data on the hard disk and demands a ransom to release the key needed to decrypt it.

Lawrence Abrams of BleepingComputer has reported on a new ransomware in circulation, known by the name of Petya. Its peculiarity is that it targets the system's entire boot drive and encrypts the MFT, the Master File Table, the place on an NTFS-formatted disk where the information about every file and folder is recorded. Until now Petya has been delivered mainly to German agencies by e-mail, through Dropbox links.
It is aimed especially at human resources departments, whose employees are induced to run the software. When the executable is launched, Windows warns of the potential hazard, but if the user proceeds with the installation, Petya installs itself in the computer's MBR (Master Boot Record) and the system restarts, running a fake Windows CHKDSK with the message: "One of your disks contains errors and needs to be repaired."
Once the sham operation completes, the software displays a screen depicting a skull in ASCII characters, announcing that the user has become "a victim of ransomware Petya". The usual instructions follow for restoring normal disk usage through hidden services on the Tor network. In the case shown by Abrams, the attackers had demanded about 0.9 Bitcoin, about €330 at current exchange rates, for the restoration of the system.
As reported by Abrams, the only way to regain the hard-disk data would be to pay the attackers, though many sites claim that Petya can also be removed after installation by repairing the changes made to the MBR. "This removes the lock screen," Abrams notes, however. "But it will not decrypt the MFT, and your files and the Windows installation will remain inaccessible. The repair of the MBR is only useful if you do not care to recover lost files and you are willing to reinstall Windows."
According to Fabian Scherschel of Heise Security, the encryption performed by Petya in its first stage is actually simple to circumvent. If caught at this stage, the data can be easily recovered by booting the system from a different storage device. On UEFI systems, Petya can simply damage the boot information, making it impossible to start the machine but failing to encrypt any content stored on its local drive.
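
Because Petya rewrites the MBR, one defensive check is to record the boot sector while the system is clean and compare later dumps against that baseline. The following is an added example, not code from the original article or from the researchers it cites; it works on a 512-byte dump supplied by the caller, and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440    # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446   # four 16-byte partition entries
BOOT_SIG_OFF = 510     # last two bytes must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Summarise a 512-byte MBR dump: boot-code hash, signature, partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append((status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "partitions": partitions,
    }


def audit(current: bytes, baseline: dict) -> list:
    """Compare a fresh MBR dump with a baseline taken while the system was clean."""
    now = parse_mbr(current)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if now["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code changed since baseline")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table changed since baseline")
    return findings


def make_sample(boot_code: bytes) -> bytes:
    """Constructed sample: given boot code plus one bootable NTFS (0x07) partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"


CLEAN = make_sample(b"\xfa\x33\xc0" * 100)     # constructed stand-in for a clean loader
TAMPERED = make_sample(b"\xeb\x10\x90" * 100)  # constructed stand-in for replaced code
```

An empty result from `audit` means the dump matches the baseline; the baseline itself should be stored off the machine it describes.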



The advice is always the same: protect yourself with dedicated software but, above all, given the wave of ransomware in recent months, always keep a current backup of all your files. This is the most appropriate measure for all-round protection against a cryptovirus.
