Rootmybox PLT

Rootmybox PLT

Share

Reg No: LLP0008483-LGN
http://rootmybox.com

najashark/KICTM-2017-CTF-Writeup 28/09/2017

Here some from our winner En Naja.

najashark/KICTM-2017-CTF-Writeup KICTM-2017-CTF-Writeup - Writeup for the jeopardy challenge

New ransomware attack hits Ukraine ... may be global in scope 29/06/2017

https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine/
Petya Basic info----

Petya is different from the other popular ransomware these days. Instead of encrypting files one by one, it denies access to the full system by attacking low-level structures on the disk. This ransomware’s authors have not only created their own boot loader but also a tiny kernel, which is 32 sectors long.

---attack vector--

The installer for Petya/Mischa is distributed via phishing emails containing what appear to be job applications. These emails contain a link to a cloud storage service that contains an image of the supposed applicant and a downloadable executable that looks like a PDF. Once the executable is downloaded, it will have a PDF icon to make it appear as a PDF resume. This executable, though, when started tries to install Petya, and if that fails, installs the Mischa Ransomware.

Mischa then scans the computer for data files and encrypts them with the AES algorithm and adds an extension to the file name. This ransomware not only encrypts standard file types like PNGs, DOCXs, etc. but also goes after .EXE files.

Petya’s dropper writes the malicious code at the beginning of the disk. The affected system’s master boot record (MBR) is overwritten by the custom boot loader that loads a tiny malicious kernel. Then, this kernel proceeds with further encryption. Petya’s ransom note states that it encrypts the full disk, but this is not true. Instead, it encrypts the master file table (MFT) so that the file system is not readable.

New ransomware attack hits Ukraine ... may be global in scope Numerous reports are coming out on social media about a new ransomware attack in Ukraine, which could be related to the Petya family.

WannaCry Ransomware FAQ 15/05/2017

FAQ

WannaCry Ransomware FAQ How the propagation of the Wannacry works? The propagation of Wanncry is based on network exploitation on SMB vulnerability (MS17-0...

WannaCry - Jangkitan dan serangan ransomware terbesar dalam sejarah 15/05/2017

WannaCry - Jangkitan dan serangan ransomware terbesar dalam sejarah Bagi anda yang tidak mengikuti perkembangan aplikasi komputer yang jahat ini atau lebih dikenali sebagai WannaCry ransomware anda pasti tidak tahu kesannya kepada dunia dan masyarakat. Jadi untuk mem...

Want your business to be the top-listed Computer & Electronics Service in Malacca City?
Click here to claim your Sponsored Listing.

Address


UiTM (Melaka) Kampus Jasin, 77300 Merlimau, Melaka
Malacca City