NotPetya Ransomware Variant Targets Human Resources

June 27th, 2017 by Rocket IT

Another in a long string of recent cryptovirus attacks, a variant of the Petya ransomware currently known as “NotPetya” is striking HR departments around the globe. The emails pose as messages from job candidates, and the malicious links in them, disguised as Dropbox links to resumes and CVs, are infecting computers and locking their files.

Instead of encrypting your files one by one like other cryptoviruses such as WannaCry, Petya and its variant operate by first encrypting your PC’s Master Boot Record, which also contains your boot loader: special code that always runs before your operating system (OS). Once infected, your boot loader will load the ransomware instead of your OS.
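The check below is an added example, not part of the original article: it reduces a Master Boot Record sector to a baseline (hash of the boot loader code, boot signature, partition entries) and reports what differs on a later read, which is how a defender would notice the boot loader being replaced. The function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # boot loader code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # marker in the last two bytes of a valid MBR

def summarize_mbr(sector: bytes) -> dict:
    """Reduce one 512-byte MBR sector to values worth baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:   # type 0 marks an unused slot
            partitions.append((i, ptype, lba_start, sector_count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }

def diff_against_baseline(baseline: dict, current: dict) -> list:
    """Return human-readable findings; an empty list means no change."""
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot loader code changed")
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code plus one NTFS-type partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + entry + b"\x00" * 48 + BOOT_SIG

# Constructed data; on a real host the bytes come from sector 0 of the disk,
# read with administrator rights while the machine is known to be clean.
KNOWN_GOOD = build_sample_sector(b"\xeb\x63\x90sample-loader")
TAMPERED = build_sample_sector(b"\xfa\x66\x31replaced-loader")

if __name__ == "__main__":
    baseline = summarize_mbr(KNOWN_GOOD)
    print(diff_against_baseline(baseline, summarize_mbr(TAMPERED)))
```

Store the baseline away from the machine it describes, since a copy kept on the same disk is lost along with everything else once the boot loader is replaced.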

What does it look like when you click on one of these corrupted links?

Users see a Stop Error screen (popularly known as the “Blue Screen of Death”), and their computer reboots into what appears to be the Check Disk screen. This is when the virus encrypts your PC’s Master File Table, which acts as the map to your stored files. Once this is encrypted, it is virtually impossible for your computer to locate a specific file.

After the ransomware is done with these processes, the ransom message appears. Unfortunately, NotPetya disables your ability to access the internet through this computer, since at this point it has effectively placed itself between you and your OS. To pay the bitcoin ransom and get the decryption key to save your files, you have to use another computer.

This is not the first time Petya has hit organizations; only now it’s using the EternalBlue exploit, recently patched in the latest Microsoft updates, to spread from one PC to the rest of the network. The virus may also be using additional methods to infect whole networks that have not been determined yet.

Phishing attacks like NotPetya, WannaCry, and Locky have been so successful because of the social engineering aspect of the hackers’ strategy. Human Resources and recruiters receive unsolicited resumes on a regular basis, so an email like the ones that have been distributing the NotPetya malware doesn’t look innately suspicious.

Be cautious of unexpected emails with links or attachments. As long as it continues to pay, phishers will continue finding new ways to deliver this ransomware to end users.


About the Author

Jason Hand loves making music, serving his church and getting people excited about technology tools. He currently lives in Georgia with his wife and two adopted sons. Jason is the Systems Administrator at Rocket IT.

 
