11
JUL 2016Please be aware of the new RansomWare Strain called “Santana” which is a blend between classic file encryption malware and the Petya strain which locks the Master Boot Record (MBR).
It looks like a Petya copycat, but for each encrypted file, Satana prepends their email address to each file like this: “email@domain.com_filename.extension”. Satana then encrypts the MBR and replaces it with its own. The first time when a user reboots their workstation, Satana’s MBR boot code will load and the only thing the machine will show is Satana’s ransom note in red on black.
This strain looks like a work-in-progress, as its developers are still adding “new features”. Please be very careful as this is going to cause some damage when they start pumping it out.
As with most RansomWare infections, Santana is spread primarily by e-mail attachment but also by malicious or compromised websites. Remind your employees to be wary of any e-mail with attachments (especially ZIP files which should be blocked by the SPAM appliance) and remember to be careful in what websites you and your employees visit!