Light Dark
May 16, 2016 By Larry Loeb 2 min read

Petya is a ransomware that always did things differently than run-of-the-mill exploits. It didn’t encrypt the files on a hard disk, but rather encrypted the entire hard disk.

To do that, it had to escalate its privileges to the administrative level. If this ploy failed, the ransomware would just shut itself down without performing any malicious action. However, that has now changed.

A New Payload for Petya

The ransomware’s developers decided to bundle another program with it, and it functions quite differently. The additional payload, called Mischa, is a fairly standard ransomware effort: It does not try to encrypt the entire hard disk as Petya does, so it does not require administrative access. It just encrypts all files and promises to decrypt them for money.

Bleeping Computer reported that the installer trail first shows up with an email pretending to be a job application. The email itself is not dangerous, but it contains a malicious link.

That directs users to a cloud storage site, where the victim is prompted to download an executable file that starts with PDF. If the file is indeed downloaded, it first tries to install Petya by corrupting the master boot records. Should that fail, the same file will install Mischa.

Mischa Does Things Differently

Mischa scans the target disk and looks for data files. It will then encrypt them using the AES encryption algorithm, adding a four-character extension to the file name. The decryption key is stored at the end of the encrypted file.

Petya and Mischa are part of a new ransomware-as-a-service (RaaS) platform. Tech Republic reported that the intent is for other cybercriminals to distribute the malware package. Should victims make a payment, the money is split between the coder and distributors.

This RaaS effort highlights a disturbing development in ransomware: Cybercriminals are teaming up to make money in inventive ways, and a wide skill set is no longer needed to cash in. The new dual-payload package shows how vigilance, as well as up-to-date backups, are needed to avoid disaster.

 |  | 
Larry Loeb
Principal, PBC Enterprises

More from

September 20, 2024

New cybersecurity advisory highlights defense-in-depth strategies

4 min read - In 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team operation against an FCEB (Federal Civilian Executive Branch) organization. In July 2024, CISA released a new CSA that detailed the findings of this assessment along with key findings relevant to the security of the organization’s network.One of the interesting findings of this SILENTSHIELD assessment was the renewed importance placed on defense-in-depth strategies. This was determined after the FCEB organization failed to respond effectively to the network breach…

September 19, 2024

CISA chief AI officer follow-up: Current state of the role (and where it’s heading)

4 min read - At the beginning of August, CISA announced that it had appointed Lisa Einstein, Senior Advisor of its artificial intelligence division, as its new chief AI officer. This announcement came following several new initiatives in the last couple of years focused on gaining a clearer understanding of the potential security impacts of AI.With the National Cybersecurity Strategy and the supporting National Cybersecurity Strategy Implementation Plan still evolving, there has been increased awareness of the value of organizations establishing an executive seat…

September 18, 2024

Cybersecurity risks in healthcare are an ongoing crisis

4 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature