Win32/Diskcoder.Petya [Threat Name] go to Threat

Win32/Diskcoder.Petya.B [Threat Variant Name]

Category trojan
Detection created Mar 26, 2016
Detection database version 13237
Aliases Trojan-Ransom.Win32.Petr.d (Kaspersky)
  Trojan.Cryptolocker.AJ (Symantec)
  Ransom_PETYA.B (TrendMicro)
Short description

Win32/Diskcoder.Petya.B is a trojan that encrypts specific parts of drives. To decrypt data the user is requested to comply with given conditions in exchange for a password/instructions.

Installation

The trojan does not create any copies of itself.


Win32/Diskcoder.Petya.B replaces the original MBR (Master Boot Record) of the hard disk drive with its own program code.


The trojan stores the first sector of the original MBR in sector 56 of the new MBR.


The trojan may perform operating system restart.

Payload information

Win32/Diskcoder.Petya.B is a trojan that encrypts specific parts of drives.


The trojan displays a fake error message:

The trojan displays the following picture:

To decrypt data the user is requested to comply with given conditions in exchange for a password/instructions.

Please enable Javascript to ensure correct displaying of this content and refresh this page.