The recently released ransomware called Satana is a tough nut for virus analysts because it still seems to be under development and there is always something new to discover. It probably won't be long until a new and improved variant of this cyber threat appears on the Web. However, the current versions of this infection are no less worrying. Cyber security specialists have found that, apart from encrypting the data on victims' computers, one version of the virus also takes a low-level approach and targets the Master Boot Record (MBR). As the term itself suggests, this code is responsible for booting the system. So, when it is blocked, the computer simply cannot start. Instead, the user is shown a modified boot screen displaying a ransom note that goes something like this:
You had bad luck. There was crypting of all your files in a FS bootkit virus
To decrypt you need send on this E-mail: firstname.lastname@example.org your private code: 14B4030A8A7F8B8D7B1101720567C27E and pay on a Bitcoin Wallet: XjU81vkJn4kExpBE2r92tcA3zXVdbfux6T total 0,5 btc After that during 1 – 2 days the software will be sent to you – decryptor – and the necessary instructions.
There are just a couple of viruses that actually use this malicious technique. One of them is the Petya ransomware. That infection, however, is even more aggressive: apart from encrypting the MBR, it targets the NTFS MFT (Master File Table) as well. This allows the virus to block access to all the system's records at once, without having to encrypt individual files. At the same time, MFT encryption makes system recovery much more difficult. Essentially, the only way to do that is by fully resetting the system. Of course, the criminals will offer a much simpler solution: purchasing a decryption key which should supposedly help you unlock your system. However, you should note that any collaboration with cyber criminals may be dangerous: you may be scammed, robbed of your money and left with a corrupt computer. Therefore, experts suggest removing ransomware with reliable antivirus software instead. If you are not infected yet, you should put your best efforts into protecting your computer from such infections.
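Because both families overwrite the boot code in the MBR, a defender can detect the change by comparing sector 0 against a baseline recorded while the machine was known to be clean. The sketch below is an added example, not code from the article or from any vendor tool; the function names and the sample sector are constructed for illustration, and it assumes a classic 512-byte MBR layout (440 bytes of boot code, partition table at offset 446, 0x55AA signature at offset 510).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: bootstrap code
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only, so that legitimate changes to the
    disk signature or partition table do not alter the baseline."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def parse_partitions(sector: bytes):
    """Return (type, first_lba, sector_count) for each non-empty entry."""
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:
            parts.append((ptype, first_lba, count))
    return parts


def check_mbr(sector: bytes, baseline_hash: str):
    """Compare sector 0 against a baseline; return a list of findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    if not parse_partitions(sector):
        findings.append("partition table is empty")
    return findings


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code plus one NTFS (0x07) entry."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + BOOT_SIG
```

On a real machine the sector would come from the first 512 bytes of the raw disk device, read with administrator rights, and the baseline hash should be stored off the host so that malware on the host cannot rewrite it.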