Satana Ransomware encrypts User Files and replaces MBR


Satana is the latest ransomware threat for Windows PC users. It encrypts your files as well as the MBR (Master Boot Record), leaving your Windows device unable to load. Satana brings along a boot locker which blocks your operating system and prevents logging in. When installed, this malware displays a Boot Locker Screen which asks for a password. The victim then has to pay a ransom of 0.5 bitcoins, somewhere around US$340, for the decryption key.

Satana Ransomware


Earlier this year, Windows users faced a similar ransomware, Petya, which left PCs unbootable by overwriting the Master Boot Record (MBR) and demanded a ransom for the decryption key.

Satana ransomware was first discovered by Malwarebytes security researcher S!Ri.

The firm says, “Satana behaves similarly [to Petya], for example injecting its own code into the MBR. However, whereas Petya encrypts the Master File Table, Satana encrypts the MBR. To encrypt PC files, Petya relied on the help of a tag-along trojan called Mischa; Satana manages both tasks on its own”.

Security firm Kaspersky also warned Windows users about Satana and listed the types of files it encrypts, which include:

.bak, .doc, .jpg, .jpe, .txt, .tex, .dbf, .db, .xls, .cry, .xml, .vsd, .pdf, .csv, .bmp, .tif, .1cd, .tax, .gif, .gbr, .png, .mdb, .mdf, .sdf, .dwg, .dxf, .dgn, .stl, .gho, .v2i, .3ds, .ma, .ppt, .acc, .vpd, .odt, .ods, .rar, .zip, .7z, .cpp, .pas and .asm.

Satana encrypts the files and replaces the MBR in the same program. The malware first encrypts the files with the given extensions and then replaces the MBR when you first reboot your PC.

While many Windows users are perturbed by the malware, you may still try to repair the MBR.

