Posted Thu 21 March 2019
Authors Adrien Guinet, Alexandre Gazet, Fabien Perigaud, Joffrey Czarny
Category Reverse-Engineering
Tags reverse-engineering, malware, NotPetya, 2019
NotPetya [0] is a variant of the Petya ransomware [1] that appeared in Ukraine in June 2017. Both are notable for rewriting the MBR of computers that still use legacy BIOS-based booting. The replacement MBR encrypts the Master File Table (MFT) of the underlying NTFS partitions.
Synacktiv, Airbus, Medallia and Quarkslab joined forces to show how NotPetya's bootloader encryption [2] can be decrypted using vulnerabilities previously found in iLO 4 [3]. Download the whitepaper!
[0] https://www.crowdstrike.com/blog/petrwrap-ransomware-technical-analysis-triple-threat-file-encryption-mft-encryption-credential-theft/
[1] https://en.wikipedia.org/wiki/Petya_(malware)
[2] https://github.com/aguinet/petya2017_notes
[3] https://github.com/airbus-seclab/ilo4_toolbox