Two Ransomwares Bundled - Petya and Mischa

Petya of late is recognized as that dangerous ransomware sample which along with encrypting files followed with demanding Bitcoins to set the encrypted files free, fiddles with the booting system. As a result, victims find it more difficult in operating their PCs, making it more necessary for them to make the ransom payment.

The condition for Petya's working is that the user must at the outset allow the malware to gain admin privileges via the UAC utility that ensures security. But, in case the user denies such privilege, there won't be any infection. Nevertheless, Petya's creators have found a way to overcome this. They are serving another fresh ransomware in case of the privilege denial to Petya.

Specifically, the Petya developers have found a solution to the problem wherein the ransomware wouldn't work in case of non-grant of admin rights necessary for it towards targeting MFT. The Petya has one new installer, which if not given admin rights, would rather load one other ransomware strain called Mischa. Threatpost.com posted this online dated May 13, 2016.

The Mischa starts working by encrypting the victim's data folders straight away, something which does not need special privileges.

Both these malicious programs' operator having a Twitter id @Ianussec, at present is working out one service with which other cyber criminals can hire his ransom software.

These other cyber criminals will just be required to distribute the malicious program. Once user computers are infected, and the victims submit the ransom payment, the money would get divided among the distributors and Janussec, on the basis of certain pre-arranged payment plan. If the malware distributors catch up a greater number of victims, the money they would retain also becomes more.

Presently, the service has been shut because it is undergoing a beta-testing stage, whereby just a few criminals are let admission into this platform, which is hosted on the Dark Web, and named Janus Cyber-crime.

And whilst ransomware already impairs plentiful file extensions making an end-user's computer inoperable, Mischa does something more by encrypting even files with .exe extension, snatching away the end-user's capability towards running executables.

» SPAMfighter News - 5/19/2016