Petya Ransomware Overwrites MBR Then Encrypts Hard Drive

If getting infected with crypto ransomware was not bad enough, cyber criminals have now created a new Petya ransomware which overwrites the master boot record (MBR) of the infected computer. This, of course, leaves the computer in an unbootable state.
Even if you repair the MBR, the data on that hard disk will be encrypted.

Petya is delivered via spam emails that target businesses in particular. The ransomware email links to a shared Dropbox folder which contains a self-extracting archive, generally in the form of a curriculum vitae (CV). If this CV is downloaded and executed, the Petya ransomware is installed on that computer, changing the MBR to display a fake Blue Screen of Death (BSOD), which then executes a fake chkdsk. While the fake scan is happening, Petya ransomware is actually encrypting the master file table (MFT).
Petya does not encrypt the file data itself; instead it encrypts the MFT, which makes the data invisible to the operating system. If you have the RED Petya Ransom, there is a chance you can retrieve your data. Information is listed below.

https://petya-pay-no-ransom.herokuapp.com/

https://github.com/leo-stone/hack-petya

Malwarebytes has created some useful information on Petya ransomware:

Petya – Taking Ransomware To The Low Level

Sadly there is no decryption method for the new GREEN Petya Ransom at this time.
