Petya lookalike appears, but in early stages of development

Jul 3, 2016 21:10 GMT  ·  By

Crooks are working on a new brand of ransomware that messes with your master boot record (MBR), just as Petya did last March.

Called Satana ("Satan" in a few Romance languages), this ransomware is a mix between classic ransomware and Petya.

Satana works by encrypting your files with the same methods other ransomware families use. Each encrypted file is then renamed, with the crook's email address prepended to the original name, like this: "[email protected]____filename.extension"
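The renaming scheme described above is a usable indicator on a file server or backup share. The following Python script is an added example written for this article, not code from the original report or from Malwarebytes: it matches filenames of the form `email____originalname` and reports the original name so an administrator can inventory what was touched. Because the real address is not reproduced here, the pattern accepts any e-mail-shaped prefix (an assumption), and the sample listing uses a placeholder address.

```python
import os
import re
from typing import Iterable, List, Optional, Tuple

# Satana prepends the attacker's e-mail address plus four underscores to the
# original filename. The actual address is unknown here, so the pattern accepts
# any e-mail-shaped prefix (assumption: exactly one '@', no whitespace or path
# separators). The domain part is non-greedy so the split happens at the FIRST
# "____", even if the original name itself contained four underscores.
RENAME_PATTERN = re.compile(
    r"^(?P<email>[^@\s/\\]+@[^@\s/\\]+?)____(?P<original>.+)$"
)


def match_renamed(filename: str) -> Optional[Tuple[str, str]]:
    """Return (email, original_name) if filename follows the scheme, else None."""
    m = RENAME_PATTERN.match(filename)
    if not m:
        return None
    return m.group("email"), m.group("original")


def find_renamed(filenames: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Filter a listing down to (renamed_name, email, original_name) hits."""
    hits = []
    for name in filenames:
        parsed = match_renamed(name)
        if parsed:
            hits.append((name, parsed[0], parsed[1]))
    return hits


def scan_directory(root: str) -> List[Tuple[str, str, str]]:
    """Walk a directory tree and collect every file matching the scheme."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name, email, original in find_renamed(files):
            hits.append((os.path.join(dirpath, name), email, original))
    return hits


# Constructed sample directory listing; the address is a placeholder, not the
# real one used by the malware.
SAMPLE_LISTING = [
    "quarterly_report.docx",
    "attacker@example.invalid____quarterly_report.docx",
    "attacker@example.invalid____photo.jpg",
    "notes____draft.txt",  # underscores but no e-mail prefix: not a hit
    "README.md",
]

if __name__ == "__main__":
    for renamed, email, original in find_renamed(SAMPLE_LISTING):
        print(f"{renamed!r}: contact={email} original={original}")
```

Run it against a real share with `scan_directory(r"\\fileserver\share")` (or any local path); a non-empty result is a reason to pull the host off the network before it reboots, since the MBR stage follows the file encryption.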

Satana then encrypts the MBR and replaces it with its own. The next time the user reboots, Satana's MBR boot code loads instead of the operating system, the computer won't start, and Satana's ransom note is displayed.

Paying the ransom won't always help

Security researcher hasherezade from Malwarebytes says it may be possible to recover the original MBR, but this won't necessarily retrieve the rest of the encrypted files. Recovering the MBR via Windows' cumbersome command-line interface is something very few people are able to follow through properly, so even this procedure isn't guaranteed to help users regain access to their PC.
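Recovering the MBR is only realistic if a known-good copy exists, so a cheap defensive step is to keep a 512-byte backup of sector 0 and compare it against the live sector when something looks wrong. The Python below is an added example for this article, not code from the original report: it parses the MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and reports whether the boot code or partition table differs from the backup. The disk images it runs on are constructed in the script; reading the real sector 0 on Windows requires an elevated handle on `\\.\PhysicalDrive0`.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
BOOT_CODE_SIZE = 446        # bytes 0..445: boot code (what Satana overwrites)
PART_TABLE_OFFSET = 446     # bytes 446..509: four 16-byte partition entries
PART_ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"     # bytes 510..511: boot signature


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def has_valid_signature(mbr: bytes) -> bool:
    """A sector without 0x55AA at the end is not a bootable MBR at all."""
    return len(mbr) == MBR_SIZE and mbr[510:512] == SIGNATURE


def parse_partitions(mbr: bytes) -> List[PartitionEntry]:
    """Decode the partition table; empty slots (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if type_id == 0:
            continue
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    return entries


def compare_mbr(current: bytes, backup: bytes) -> Dict[str, bool]:
    """Compare a freshly read sector 0 with a trusted backup copy."""
    return {
        "signature_ok": has_valid_signature(current),
        "boot_code_changed": current[:BOOT_CODE_SIZE] != backup[:BOOT_CODE_SIZE],
        "partition_table_changed": current[PART_TABLE_OFFSET:510] != backup[PART_TABLE_OFFSET:510],
    }


def build_sample_mbr(boot_code_fill: int) -> bytes:
    """Constructed sample MBR (not a real disk image): filler boot code, one
    bootable NTFS-type (0x07) partition at LBA 2048, and a valid signature."""
    boot_code = bytes([boot_code_fill]) * BOOT_CODE_SIZE
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_SIZE * 3)
    return boot_code + table + SIGNATURE


# Trusted backup vs. a copy whose boot code has been replaced but whose
# partition table and signature are intact (constructed values).
BACKUP_MBR = build_sample_mbr(0x90)
TAMPERED_MBR = build_sample_mbr(0x41)

if __name__ == "__main__":
    for part in parse_partitions(BACKUP_MBR):
        print(part)
    print(compare_mbr(TAMPERED_MBR, BACKUP_MBR))
```

Because the tampered sample keeps the partition table, a tool that only checks for a readable partition layout would miss it; comparing the boot-code region against the backup is what surfaces the replacement. Restoring only the first 446 bytes from a verified backup preserves the partition table, which is the part you least want to guess at during recovery.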

The encryption algorithm used on the rest of the files is very powerful and can't be brute-forced, leaving the files locked unless the user decides to pay the ransom, something hasherezade doesn't advise.

"[E]ven victims who pay may not get their files back if they (or the C&C) went offline when encryption happened," she writes.

Satana is a work-in-progress

According to the Malwarebytes analyst, the ransomware looks like a work in progress: its developers are still tinkering with its code, which also contains a lot of bugs, so this might not be the last time we hear about Satana.

A month after Petya appeared in March, security researchers found a way to recover files locked with this threat.

A month after that, in May, crooks switched to delivering Petya bundled with a second piece of ransomware called Mischa. This was regular ransomware that locked files while Petya locked the MBR. Satana seems to be an evolution of this latter idea.

[Image: Satana ransom note]
[Image: Satana boot-level ransom note]