Cyberpolice has developed a manual on restoring access to the operating system for users whose computers were attacked by the virus “Petya.A”.
This is stated in the message of Department of postal and telecommunications NEC. According to experts, the chance to recover the information in the computer is in the two cases.
“In the research process of the virus “Petya” and its damaging effect on the computers identified several options for his intervention. The first computers are infected and encrypted (the system is completely compromised), recovery of maintenance requires knowledge of the private key. The second computers are infected, partially encrypted, the system will start the encryption process, but external factors have stopped the encryption process. Third – the computers are infected, but the encryption process the MFT has not started yet”, – stated in the message.
It is noted that in the case of the first scenario is not yet a method which is guaranteed to holds the data to be decrypted. To solve this issue jointly by the specialists of the Department of cyber police, security service, DSTTI, domestic and international IT companies.
“At the same time, in the latter two cases there is a chance to recover the information stored in the computer as a layout table, the MFT is not broken or partially broken, this means that by restoring the boot sector of the MBR system, the machine starts and can work”, – stressed in the police.
Experts of cyber Police has developed detailed recommendations for restoring access to a virus-infected operating system, provided that the encryption process is performed, but external factors (e.g. power off, etc.) stopped the encryption process; or if the encryption process the MFT has not started yet due to factors beyond the control of the user (failure of the virus response anti-virus software on the virus and the like).
As UNIAN reported earlier, on June 27, Ukrainian banks, energy companies, government Internet resources and local network of the Ukrainian media and other large enterprises has undergone a massive hacker attack which spreading the virus Petya.A, which blocks work of the computer system.
The virus is spreading in Russia, England, India and other countries of Europe and Asia. Virus Petya.And encrypts the data on the computer and demands a ransom. The security professionals suggest nothing to pay – no keys after paying money to the owners of infected computers do not get.
Head of Global programmes of the United Nations on cybersecurity Neal Walsh said that investigators still can’t identify the initiators of the recent global cyber attacks, but the strategy of the attackers indicates that not money was the main motive for their actions.