Petya Ransomware

Flexx ✭✭✭✭
edited January 28 in Antivirus

@Andy_BD, @Alex D.

I am clueless as of now. Today Petya ransomware (the first variant, the red-screen one) got executed on my personal laptop. Bitdefender did try to help me, but in the end it failed. Suddenly I had a BSOD (Blue Screen Of Death) error and then my system rebooted.

After the reboot, a fake chkdsk (check disk) ran, which in fact was encrypting my MBR (master boot record) files, and in the end it ended up encrypting my complete boot sector; there was nothing that could have been done.

And then the Petya skull image popped up with the ransom note. I did try universal Petya decryption keys to get back into my system, but none of them worked. At last I had to format my laptop and reinstall Windows.

The question arises: being discovered in 2016, can Petya ransomware variant 1 still bypass Bitdefender antivirus security? This is really very, very weird.

Regards

Flex

(Bitdefender beta tester 2019/ 2020)

Comments

  • Alex_A ✭✭✭

    How does Bitdefender Support Center comment on this issue?

    If it's not a secret, how did you pick up this malware: did you test it on purpose, or in some other way?

  • Flexx ✭✭✭✭
    edited January 31

    Well, they can get the issue checked by the malware researchers. We still have many staff members from different departments on the forum whom we are not aware of.

    Secondly, I was executing and testing the real-time protection of ESET, Kaspersky & Bitdefender against 150-200 ransomware samples on my standby PC. I tested the samples in a VM against vendors like ESET & Kaspersky, but forgot to launch the VM while testing against Bitdefender & ended up testing it on a real machine. Though Kaspersky blocked each and every execution of all ransomware samples, ESET & Bitdefender also did their best in stopping the ransomware from spreading, but in the end the system became encrypted, especially in the case of Petya ransomware.

    The one thing that differentiates Petya from other ransomware is that Petya encrypts the master boot record of the HDD/SSD and hence the system becomes unbootable, unlike other ransomware, which only encrypt software & document files. Though the standby system did not have any important documents, so instead of getting the MBR decrypted, which is a long process in the case of Petya ransomware, I opted for a reinstallation of Windows.

    Well, the point of attention was how an old ransomware sample for which detection is already available from Bitdefender could slip past and still encrypt the system.

    The file was submitted to the malware researchers and they are currently rechecking it.

    Regards

    Flex
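The reply above points out what makes Petya different from file-encrypting ransomware: it overwrites the 512-byte master boot record, so the machine stops booting rather than losing documents. One defensive consequence is that the MBR is a tiny, rarely-changing artifact that can be baselined and checked. The script below is an added example (not code from this thread, from Bitdefender, or from any vendor mentioned): it builds a constructed, well-formed MBR, records a SHA-256 baseline, runs cheap structural sanity checks on the partition table, and shows how a sector whose boot code and partition table have been replaced (a constructed stand-in, not real Petya bytes) trips both the hash comparison and the structural checks. The 0x55AA signature is deliberately left intact in the tampered sample, because a bootkit that wants the BIOS to load its own code keeps it.

```python
"""
Boot-sector integrity check: detect an overwritten MBR.

Added example, not from the forum post. All sector contents below are
constructed for illustration. On a real host the first 512 bytes of the
disk would be read instead (e.g. from \\.\PhysicalDrive0 on Windows or
/dev/sda on Linux, both requiring administrator/root rights).
"""
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # 446 bytes of boot code, then 4 x 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR
ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed well-formed MBR: minimal boot code and one active NTFS partition."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (PART_TABLE_OFFSET - 7)
    # status 0x80 (bootable), type 0x07 (NTFS), LBA start 2048, 1,000,000 sectors
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    empty = b"\x00" * 16
    return boot_code + entry + empty * 3 + BOOT_SIGNATURE


def mbr_fingerprint(sector: bytes) -> str:
    """SHA-256 of the raw sector; store this once as the known-good baseline."""
    return hashlib.sha256(sector).hexdigest()


def partition_table_problems(sector: bytes) -> List[str]:
    """Structural sanity checks; an empty list means the MBR looks like a normal one."""
    problems: List[str] = []
    if len(sector) != SECTOR_SIZE:
        problems.append(f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}")
        return problems
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    active = 0
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs_s, ptype, _chs_e, lba_start, n_sectors = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if status not in (0x00, 0x80):        # only 0x00 / 0x80 are valid status bytes
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if status == 0x80:
            active += 1
        if ptype == 0 and (lba_start or n_sectors):
            problems.append(f"entry {i}: empty type but non-zero extents")
        if ptype != 0 and n_sectors == 0:
            problems.append(f"entry {i}: non-empty type with zero length")
    if active > 1:
        problems.append(f"{active} active partitions, at most one expected")
    return problems


def check_mbr(sector: bytes, baseline_hash: str) -> Dict[str, object]:
    """Combine the baseline comparison and the structural checks into one verdict."""
    hash_ok = mbr_fingerprint(sector) == baseline_hash
    problems = partition_table_problems(sector)
    return {
        "hash_matches_baseline": hash_ok,
        "problems": problems,
        "suspicious": (not hash_ok) or bool(problems),
    }


def simulate_overwritten_mbr(good: bytes) -> bytes:
    """Constructed 'after' sector: boot code and partition table replaced, signature kept."""
    scrambled = bytes(b ^ 0x5A for b in good[:510])
    return scrambled + BOOT_SIGNATURE


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = mbr_fingerprint(good)
    print("clean  :", check_mbr(good, baseline))
    print("tampered:", check_mbr(simulate_overwritten_mbr(good), baseline))
```

The hash comparison is the strong signal (any byte change, including a replaced boot loader, flips it); the structural checks are a fallback for hosts where no baseline was ever recorded. Legitimate events such as a Windows reinstall or a disk-management change also rewrite the MBR, so an alert from this check is a prompt to confirm the change was expected, not proof of infection on its own.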
