Charlie Osborne of the Zero Day Blog is reporting about a new ransomware virus currently seen in the wild infecting Windows computers.
Normally ransomware programs will encrypt or scramble the data on your computer and any networked computers and then provide you a way to pay for the release of a passcode to unlock it. Good backups and good computer hygiene is the primary defense against such attacks.
This new variant called Petya encrypts the entire hard drive of the computer rendering it unable to boot without the code. According to Bleeping Computer, Petra has been currently targeting HR departments of German companies. The infections are coming in as Phishing emails containing Dropbox links to applications, when run, installs Petya.
Once installed, the boot process of the computer is hijacked and is replaced with a program that looks like its doing a disk check, something you commonly see on Windows computers if it detects a bad file or hard drive location. This fake scan is actually doing the encryption on the computer. At the end you’re presented with a request for a code to unlock the computer and how to pay to get your unlock code.
The following video posted on Bleeping Computer depicts what you can expect.
At present, short of paying for an unlock code, the only recourse is to reload Windows on the computer after removing the infection from the boot section.