We have recently been facing a huge outbreak of a new Petya-like malware armed with an infector similar to WannaCry. The research is still in progress, and the full report will be published soon. In this post, we will focus on some new important aspects of the current malware.

The low-level attack works in the same style as the first Petya, described here. As before, the beginning of the disk is overwritten by the malicious Petya kernel and bootloader. When the malicious kernel is booted, it encrypts the Master File Table with Salsa20 and in this way makes the disk inaccessible.

The code from Petya’s kernel didn’t change much, but the new logic implemented in the high-level part (the Windows executable) caused the change in the malware’s mission. In the past, after the ransom was paid, the victim’s Salsa key was restored, and with its help the Petya kernel was able to decrypt the Master File Table. Now, the necessary key seems to be lost for eternity. Thus, the malware appears to have only damaging intentions.

Let’s have a look at the implementation and discuss the details.

A small bug in the Salsa20 implementation has been found. Unfortunately, it is not significant enough to help restore the key.