Beware of the new Satana ransomware, which has been described in detail by Malwarebytes. The Satana ransomware installs itself on the device and then waits for a reboot.
Malwarebytes explains that it installs the malicious modules at the beginning of the hard disk and then waits for the reboot that will trigger the malware to go operational.
Satana installs itself silently and does not throw any BSOD prompts (contrary to Petya), but just writes its malicious modules at the beginning of the disk and patiently waits for the reboot.
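Because the modules are written before the reboot, a change in the first sectors of the disk can be noticed while the machine is still running. The following Python code is an added example, not taken from the Malwarebytes report: it hashes the leading sectors of a disk image and reports which ones differ from a known-good baseline. The 64-sector watch region, the function names and the disk image are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

SECTOR = 512
# Assumption: the page only says "the beginning of the disk";
# 64 sectors is an illustrative size for the watched region.
WATCHED_SECTORS = 64

def sector_digests(path, count=WATCHED_SECTORS):
    """Return a SHA-256 hex digest for each of the first `count` sectors."""
    digests = []
    with open(path, "rb") as disk:
        for _ in range(count):
            block = disk.read(SECTOR)
            if len(block) < SECTOR:
                break  # image is shorter than the watched region
            digests.append(hashlib.sha256(block).hexdigest())
    return digests

def changed_sectors(baseline, current):
    """Indices of sectors whose digest differs from the baseline."""
    changed = [i for i, (a, b) in enumerate(zip(baseline, current)) if a != b]
    # A watched region that grew or shrank is also reported as changed.
    low, high = sorted((len(baseline), len(current)))
    changed.extend(range(low, high))
    return changed

def demo():
    """Constructed sample: a blank image, then sectors 0 and 6 are altered."""
    clean = bytearray(SECTOR * WATCHED_SECTORS)
    clean[510:512] = b"\x55\xaa"  # standard MBR boot signature
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "disk.img")
        with open(path, "wb") as f:
            f.write(clean)
        baseline = sector_digests(path)  # taken while the disk is known good
        modified = bytearray(clean)
        modified[0:4] = b"\xde\xad\xbe\xef"  # constructed change in sector 0
        modified[6 * SECTOR:6 * SECTOR + 4] = b"\x01\x02\x03\x04"
        with open(path, "wb") as f:
            f.write(modified)
        return changed_sectors(baseline, sector_digests(path))

if __name__ == "__main__":
    print("changed sectors:", demo())
```

On a live Windows host the path would be a raw device such as `\\.\PhysicalDrive0`, which requires administrator rights to read.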
The example which Malwarebytes has published shows that [email protected] is used by the Satana ransomware.
Read the full report by Malwarebytes here.
Indicators of interest:
- [email protected]
- 46bfd4f1d581d7c0121d2b19a005d3df – main sample
- d236fcc8789f94f085137058311e848b – unpacked