With ransomware attacks making headlines nearly every day in 2016, it seems that IT security professionals and the cybercriminals that try to outsmart them are in a constant battle for lead position—and lately, it seems that the cybercriminals are winning.
Recently, yet another strain of ransomware was discovered in its early sample form. Satana, (“Satan” in Italian) is a Trojan that encrypts files and corrupts the Windows’ Master Boot Record (MBR), which halts the Windows boot process and injects its own code into the MBR. Unlike sister-malware Petya which relies on help from tagalong Trojan Mischa, Satana doesn’t mess around with the Master File Table (MFT), it goes straight for the jugular—and manages to conduct both processes of injecting code and encrypting PC files all by itself. So, Satana seems to be an evolved version of Petya in that it doesn’t need anyone’s help—except for the human on the other end of the reboot function—in order to infect and encrypt a user’s computer.
Once Satana has successfully installed itself on its victim’s computer, it will launch its ransom note, which reads, in part:
“You had bad luck. There was crypting of all your files in a FS bootkit virus<!SATANA!> To decrypt you need to send on this E-mail: firstname.lastname@example.org your private code: C98F4DEC6A….”
…and so on. Eventually, the ransom note gets to the point where it instructs victims to pay a bitcoin equivalent to $340. The note, which blasts itself in bright red text against a sinister black background, ends with a call to action that tells users where to enter their decryption code to regain access to their files. The malware signs off with, “Good luck! May God help you! <!SATANA!>”
Kaspersky Lab has dubbed the Russian-linked Satana the “ransomware from hell.” According to Kaspersky Lab, researchers have identified six email addresses that serve as contact information for Satana’s victims, who must request payment and other instructions in order to receive the decryption key to unlock their files.
In order to fulfill the ransom and unlock encrypted files, the cybercriminals behind Satana demand that victims pay around 0.5 bitcoins, or approximately $340.
For the advanced and technically apt victims of Satana, there may be a light at the end of the tunnel. Experts have revealed that there is a way to at least partly bypass the MBR to gain access to the infected operating system and restore it—but be forewarned, this solution is only meant for experienced victims with very advanced technical skills.
Problematically, while you may be able to restore your OS, researchers have yet to figure out a solution that will give Satana victims access to their encrypted files. It seems that, at least for now, victims have only one option in order to decrypt their stolen files—and that is to pay up.
The good news, for the time being, is that Satana is currently in its infancy stages; it is not widespread, and researchers have uncovered errors and weaknesses in its code. On the flip side, it appears that Satana is positioned to evolve over time, and with its comprehensive method of attack, it has the potential to become the next major threat in the ransomware world.
To stay vigilant against ransomware threats, remember to always:
Alary Clinitech your local IT security solutions provider, keeping your business’ IT assets safe from ransomware, hackers, and other cybersecurity threats. For the most advanced IT security solutions in business, contact us at (416) 291-7377 or send us an email at email@example.com for more information.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.