There are more and more ransomware threats popping up each day as malware experts struggle to study and analyze them. Many cyber crooks choose to spare their efforts, and instead of building a data-locking Trojan from the ground up, they decide to borrow the code of an already established threat and only slightly change it.
Propagation and Encryption
This is the case of the newly uncovered Peta Ransomware. Once discovered, it was quickly revealed that this threat belongs to the infamous STOP Ransomware family. It is not yet known what propagation methods the attackers are employing. Some speculate that the most commonly used infection vectors may be at play in the spreading of the Peta Ransomware – spam emails containing macro-laced attachments, fake software updates and bogus pirated copies of popular applications. A quick scan is performed as soon as the Peta Ransomware infects a host. The goal is to locate all the files that will be marked for encryption. Then, the Peta Ransomware will proceed with the attack by triggering its encryption process. When the Peta Ransomware locks a file, it will also change its filename. This threat appends a '.peta' extension to each affected file. This means that a file originally called 'black-pills.mp3' will be renamed to 'black-pills.mp3.peta'.
The Ransom Note
Next, the Peta Ransomware drops a ransom note called '_readme.txt', which states:
‘Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID:’
As is evident, the attackers demand $980 as a ransom fee. However, they claim to give a 50% discount to all victims who manage to contact them within 72 hours after being attacked, meaning they will be required to pay $490. As proof that the authors of the Peta Ransomware are in possession of a functioning decryption key, they offer to unlock one file free of charge. There are two email addresses that the attackers have provided as a means of contacting them – 'email@example.com' and 'firstname.lastname@example.org'.
You should keep your distance from cyber crooks at all times. Attempting to reason with them or bargain will likely be futile. A safer response is to download and install a reputable anti-spyware solution and use it to remove the Peta Ransomware from your system.
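To gauge how far the encryption reached on a host, the two indicators described above (the '.peta' extension and the '_readme.txt' note) can be swept for. The Python script below is an added example, not part of the original article; the marker phrases are taken from the note text quoted above, and the sample directory tree in `demo()` is constructed from empty placeholder files.

```python
import os
import tempfile

ENCRYPTED_EXT = ".peta"    # extension named on the page
NOTE_NAME = "_readme.txt"  # ransom note filename named on the page
# Phrases quoted from the note, so an unrelated '_readme.txt' is not flagged.
NOTE_MARKERS = ("decrypt tool", "Your personal ID")


def has_note_text(path):
    """True if the file contains the wording of the ransom note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(8192)  # the note is short; cap the read
    except OSError:
        return False  # unreadable file: cannot confirm, do not flag
    return all(marker in text for marker in NOTE_MARKERS)


def triage(root):
    """Walk root; list locked files with their original names, and notes."""
    locked, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                locked.append((full, name[: -len(ENCRYPTED_EXT)]))
            elif name.lower() == NOTE_NAME and has_note_text(full):
                notes.append(full)
    return locked, notes


def demo():
    """Scan a constructed sample tree (empty placeholder files only)."""
    with tempfile.TemporaryDirectory() as root:
        music = os.path.join(root, "music")
        os.makedirs(music)
        for name in ("black-pills.mp3.peta", "cover.jpg.peta", "untouched.txt"):
            open(os.path.join(music, name), "wb").close()
        with open(os.path.join(music, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write("purchase decrypt tool and unique key\nYour personal ID:\n")
        with open(os.path.join(root, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write("Project notes, unrelated to the ransomware.\n")
        locked, notes = triage(root)
        return sorted(orig for _p, orig in locked), len(notes)


if __name__ == "__main__":
    print(demo())
```

Calling `triage()` on a real path returns each locked file alongside the name it had before the extension was appended, which gives a list to check against backups.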