Analyzing baby ransomware

Ransomware is a serious threat we deal with everyday and a lot of our posts focus on analyzing the technical details of this threat.

It’s not everyday, however, that we get a chance to take apart ransomware that is still in its early stages of development. Satana, a new Petya-like ransomware, was discovered by our malware hunters and has been torn apart to show you the intricate details of how it works, why it’s not done and what we can expect moving forward.

Satana Lock Screen:

boot_screen

Here is a little bit of history, most malware in the wild today is just a copy of another malware family that already exists.  In the case of Satana, it’s obvious that Petya was the inspiration for a new family of malware to be developed, utilizing many of the same tricks but built in a different way.

Petya Lock Screen:

decrypting_petya

We see these copycats all the time and usually they don’t deviate too far from the original malware family they are based on.

However, one out of a bunch of copycats might shine brighter than the original inspiration, if you want to think of PC Cyborg as the Great-Grandfather of Ransomware, you can say that all modern Ransomware is based on that, you could also say that Cryptolocker spawned the rush of encrypting ransomware we see today.

Will Satana become that family that stands out from all the others and start its own new generation of ransomware or just vanish into obscurity?

Malwarebytes Anti-Malware detects Satana as Ransom.Satana.

Read the analysis here and let us know what you think!

Thanks for reading and safe surfing!