Many companies, hospitals, universities, banks and other financial institutions are being infected by ransomware. Many ransomware strains have been launched on the black market this year, pushing victims to pay millions in ransom. Petya and Mischa, two of the most popular ransomware strains of 2016, have already threatened businesses with their successful file encryption.
The developers of the Petya and Mischa ransomware have officially opened their malicious software to the public and started a Ransomware as a Service (RaaS) program. The program launched on July 25, 2016, and pays each distributor a share based on the amount of bitcoin they extort from victims.
A 25% share is paid on each 5 bitcoin, while a total of 125 bitcoin per week can earn a distributor up to an 85% share. The more bitcoin a distributor brings in, the higher the percentage. The developers of the RaaS are eager to work with serious distributors only, to make the most of it before any countermeasure is developed.
Petya requires administrative privileges to run so that it can replace the Master Boot Record and encrypt the Master File Table (MFT), which contains critical information about every file. A single dropper is capable of installing either Petya or Mischa onto a victim's computer: if no administrative privilege is obtained, Mischa infects the victim instead.
While researching the Petya ransomware, Lawrence Abrams said:
“Petya causes Windows to reboot in order to execute the new malicious ransomware loader, which will display a screen pretending to be CHKDSK. During this fake CHKDSK stage, Petya will encrypt the Master File Table on the drive. Once the MFT is corrupted, or encrypted in this case, the computer does not know where files are located, or if they even exist, and thus they are not accessible.”
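For incident responders, the condition described in the quote can be checked on a raw disk image by following the MBR partition table to each NTFS volume and testing whether the first MFT record still carries its "FILE" magic. The following is an added example, not code from the article or from the researcher quoted; the function names and the sample image are constructed, and it assumes 512-byte sectors and classic MBR partitioning.

```python
import struct

SECTOR = 512                   # assumption: 512-byte sectors, MBR partitioning
NTFS_OEM = b"NTFS" + b" " * 4  # OEM ID at offset 3 of an NTFS boot sector

def check_image(img: bytes) -> dict:
    """Report whether each NTFS volume's MFT can still be located and read."""
    if len(img) < SECTOR:
        raise ValueError("image shorter than one sector")
    report = {"mbr_signature_ok": img[510:512] == b"\x55\xaa", "volumes": []}
    for i in range(4):                       # four primary entries at offset 446
        entry = img[446 + 16 * i: 462 + 16 * i]
        if entry[4] != 0x07:                 # 0x07 = NTFS (also exFAT/HPFS)
            continue
        base = struct.unpack_from("<I", entry, 8)[0] * SECTOR
        vbr = img[base: base + SECTOR]       # volume boot record
        vol = {"partition": i, "ntfs_vbr_ok": vbr[3:11] == NTFS_OEM,
               "mft_readable": False}
        if vol["ntfs_vbr_ok"]:
            bytes_per_sector = struct.unpack_from("<H", vbr, 0x0B)[0]
            sectors_per_cluster = vbr[0x0D]
            mft_lcn = struct.unpack_from("<Q", vbr, 0x30)[0]  # first MFT cluster
            mft_off = base + mft_lcn * sectors_per_cluster * bytes_per_sector
            # Every intact MFT record starts with the ASCII magic "FILE".
            vol["mft_readable"] = img[mft_off: mft_off + 4] == b"FILE"
        report["volumes"].append(vol)
    return report

def build_sample(mft_magic: bytes = b"FILE") -> bytes:
    """Constructed 32 KiB image: one NTFS partition at LBA 8, MFT at cluster 4."""
    img = bytearray(SECTOR * 64)
    struct.pack_into("<B3xB3xII", img, 446, 0x80, 0x07, 8, 56)  # partition entry 0
    img[510:512] = b"\x55\xaa"
    base = 8 * SECTOR
    img[base + 3: base + 11] = NTFS_OEM
    struct.pack_into("<H", img, base + 0x0B, SECTOR)  # bytes per sector
    img[base + 0x0D] = 1                              # sectors per cluster
    struct.pack_into("<Q", img, base + 0x30, 4)       # MFT starting cluster
    mft_off = base + 4 * SECTOR
    img[mft_off: mft_off + 4] = mft_magic
    return bytes(img)

if __name__ == "__main__":
    print("intact :", check_image(build_sample()))
    print("damaged:", check_image(build_sample(b"\x9c\x11\xe0\x47")))
```

A valid 0x55AA signature only shows that the first sector is marked bootable, not that it holds the original boot code, so the MFT result is the informative field here.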
There is a decryption tool available to defend against the Petya ransomware, but not one for Mischa. That is, in a way, what makes the RaaS a good business with lots of distributors and profit.
Tim O’Brien, Director of Threat Research at Cloud Security Automation Company, said that:
“Above all else, end user awareness and training regarding the screening of emails and downloading files is the first line of defense.”
Therefore, when it comes to protecting an organization against ransomware, regularly backing up devices should be considered until a counter application is developed. Installing a reputable and trusted security solution is recommended so that ransomware attacks, including those delivered through suspicious links and email attachments, can be prevented.