{"id":6059,"date":"2016-05-26T09:00:55","date_gmt":"2016-05-25T23:00:55","guid":{"rendered":"https:\/\/www.backupassist.com\/blog\/?p=6059"},"modified":"2024-02-05T06:23:35","modified_gmt":"2024-02-05T06:23:35","slug":"petya-mischa-ransomware-data","status":"publish","type":"post","link":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data","title":{"rendered":"Double-trouble Ransomware &#8216;Petya&#8217; and &#8216;Mischa&#8217; throw out the rulebook; targets businesses, HR Employees and IT support."},"content":{"rendered":"<p><strong>If you\u2019re <a href=\"https:\/\/www.backupassist.com\/blog\/news\/ransomware-play-safe-or-pay-up\/\">familiar with Ransomware<\/a>, you know its organized crime.<\/strong> Hackers target your precious data, encrypting and locking it behind a passkey only they have. You pay the ransom, you get the key and your data back.<\/p>\n<p>Usually, it\u2019s in the hacker\u2019s best interest to follow through. They don\u2019t want word to get around that they don\u2019t return your data. It\u2019s bad for business; and that\u2019s what it is, a business.<\/p>\n<p>However, the latest ransomware on the block, \u2018Petya\u2019, flies in the face of this concept. Not only is it more malicious than all the crypto-extortion programs before it, it sometimes doesn&#8217;t even help to pay.<\/p>\n<p><!--more--><\/p>\n<p>Here\u2019s how Petya traditionally works:<\/p>\n<h2>A Trojan CV<\/h2>\n<p>The standard infection scenario currently looks like this; you or one of your staff receives an e-mail pretending to be a job application. The e-mail contains a Dropbox link to a zip file which pretends to be their resume, typically containing:<\/p>\n<ul>\n<li>A photo of a young man claiming to be an applicant. In fact, this is a common stock image.<\/li>\n<li>A fake resume that is really a malicious EXE, either in a self-extracting archive or fake PDF file.<\/li>\n<\/ul>\n<p>When you click on the CV, you receive a Blue Screen of Death instead. That\u2019s all it takes to start Petya\u2019s ball rolling.<\/p>\n<h2>A Pop-Up Alert<\/h2>\n<p>Petya doesn\u2019t even attempt to bypass your user account control (UAC) and get your Administrator privileges. You\u2019ll receive this pop-up alert instead:<\/p>\n<figure id=\"attachment_6063\" aria-describedby=\"caption-attachment-6063\" style=\"width: 451px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/uac_popup.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-6063\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/uac_popup.png\" alt=\"This file name is in German. Don't expect it to be under this name in English-speaking countries.\" width=\"461\" height=\"261\" srcset=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/uac_popup.png 461w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/uac_popup-300x170.png 300w\" sizes=\"auto, (max-width: 461px) 100vw, 461px\" \/><\/a><figcaption id=\"caption-attachment-6063\" class=\"wp-caption-text\">This program\u00a0name is in German. Germany has been hit hard by Petya.<\/figcaption><\/figure>\n<p>In the past, if you hit \u2018no\u2019, the Petya infection would stop its infection routine. But Petya is evolving. Now, if you hit no it installs another ransomware program, dubbed \u2018Mischa\u2019, which begins to encrypt your files directly in an operation that doesn\u2019t require special privileges. There is currently no way to restore files encrypted by Mischa without paying the ransom.<\/p>\n<p>So you\u2019re damned if you do, damned if you don\u2019t.<\/p>\n<p>Let\u2019s say you hit \u2018Yes\u2019, and end up running Petya instead of its less-sophisticated cousin, Mischa. When you do, the the system crashes. When it restarts, Petya puts up the following screen, pretending to be running a CHKDSK scan:<\/p>\n<p><a href=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-6064\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/1.png\" alt=\"Fake scan\" width=\"556\" height=\"306\" \/><\/a><\/p>\n<p>Don\u2019t be fooled; this is Petya\u2019s attempt to buy time as it\u2019s already encrypting your data, trying to trick you into not pulling the plug on your machine. If you\u2019re unfortunate enough to let it run to completion, you\u2019ll be greeted with a blinking screen with this ASCII art:<\/p>\n<figure id=\"attachment_6060\" aria-describedby=\"caption-attachment-6060\" style=\"width: 481px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/petya_ransomware_logo_1-100652676-orig_1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-6060\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/petya_ransomware_logo_1-100652676-orig_1.jpg\" alt=\"The calling card of 'Petya', an atypical and nasty ransomware hitting businesses hard.\" width=\"491\" height=\"384\" \/><\/a><figcaption id=\"caption-attachment-6060\" class=\"wp-caption-text\">The calling card of &#8216;Petya&#8217;,the ASCII skull and crossbones.<\/figcaption><\/figure>\n<p>Pressing any key after this leads to the main screen with the ransom note, the information necessary to reach the web panel and proceed with the payment:<\/p>\n<p><a href=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-6066 size-full\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/3.png\" alt=\"3\" width=\"721\" height=\"402\" srcset=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/3.png 721w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/3-300x167.png 300w\" sizes=\"auto, (max-width: 721px) 100vw, 721px\" \/><\/a><\/p>\n<p>Currently Petya asks for around 0.99 bitcoins and Mischa asks for 1.93\u2014that\u2019s around US $430 and $875 respectively. Why you have to pay twice as much for Mischa is anyone\u2019s guess.<\/p>\n<h2>What makes it different?<\/h2>\n<p>Petya\u2019s infection method isn&#8217;t new. What is new is how it goes about it. Common ransomware usually encrypts certain kinds of files\u2014pictures, office documents, etc\u2014and leaves your operating system unharmed so you can pay the ransom.<\/p>\n<p>Not so with Petya. Instead, it blocks access to your entire hard drive, infecting your Master Boot Record (MBR). In layman&#8217;s terms, your MBR is what runs before an operating system like Windows, and by doing this it ensures it gets to run its malicious code first.<\/p>\n<p>Worse news? It does this completely offline. That means you can\u2019t unplug your internet and hope to halt the process. In fact, you&#8217;ve got to find another computer in order to pay the ransom and get your data back.<\/p>\n<p>That\u2019s an incredibly odd move, like kidnapping a family member but also your car keys. In the end, it\u2019s just going to make it that much harder to get the ransom money.<\/p>\n<h2>Even if you pay, your data may be lost<\/h2>\n<p>To pay the ransom, you\u2019ll need to head to the \u2018Dark Web\u2019, the seedy underbelly of the regular internet. There, you have to pay them in Bitcoins, which is the favoured currency of the web\u2019s black market.<\/p>\n<figure id=\"attachment_6068\" aria-describedby=\"caption-attachment-6068\" style=\"width: 758px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/page_main-768x707.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-6068 size-full\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/page_main-768x707.png\" alt=\"Expect to see a screen like this if you're hit with this malicious malware.\" width=\"768\" height=\"707\" srcset=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/page_main-768x707.png 768w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/page_main-768x707-300x276.png 300w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/a><figcaption id=\"caption-attachment-6068\" class=\"wp-caption-text\">Expect to see a screen like this if you&#8217;re hit with this malicious malware.<\/figcaption><\/figure>\n<p><strong>The really bad news is, the decryption process is likely to catastrophically fail.<\/strong> The reason is the malware makes incorrect assumptions about the layout of your disk. That means the malware can\u2019t unscramble your data.<\/p>\n<p>Given the abysmal rate of data recovery software at recovering your data, that may mean it\u2019s gone permanently with the single click of a CV attachment.<\/p>\n<h2>Prevention is the best cure<\/h2>\n<p>If you\u2019ve lost your data, you can pay the ransom and hope the decryption works, try your hand at recovering it, or wait until proper countermeasures and decryption tools are made by software security giants. But none of these are sure things, and all of them take time and money. And you can expect to see a lot more of Petya and Mischa, since they\u2019re now even being offered as Ransomware-As-A-Service:<\/p>\n<figure id=\"attachment_6067\" aria-describedby=\"caption-attachment-6067\" style=\"width: 758px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/janus_info_page-768x417.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-6067 size-full\" src=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/janus_info_page-768x417.png\" alt=\"Petya and Mischa are being offered as a money-making tool to extort businesses.\" width=\"768\" height=\"417\" srcset=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/janus_info_page-768x417.png 768w, https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/janus_info_page-768x417-300x163.png 300w\" sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/a><figcaption id=\"caption-attachment-6067\" class=\"wp-caption-text\">Petya and Mischa are being offered as a money-making tool to extort businesses.<\/figcaption><\/figure>\n<p>The best solution by far is prevention, whether it\u2019s before you&#8217;ve been hit or after. Having regular backups means that your data isn\u2019t lost, and performing a bare-metal restore of your hard disk. A restore isn&#8217;t possible, since you\u2019ll need to fully format your drive in order to purge the virus.<\/p>\n<p>Using a reliable backup solution like <a href=\"https:\/\/www.backupassist.com\/backupassist.html\">BackupAssist<\/a> along with a proper backup strategy (E.g.\u00a0<a href=\"https:\/\/www.backupassist.com\/blog\/news\/3-2-1-rule-of-backups-infographic\/\">The 3-2-1 Backup Rule<\/a>) means you don\u2019t need to pay hackers if you\u2019re hit with ransomware, or any other data disaster. Pairing this with an effective anti-virus solution is your best bet against malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you\u2019re familiar with Ransomware, you know its organized crime. Hackers target your precious data, encrypting and locking it behind a passkey only they have. You pay the ransom, you get the key and your data back. Usually, it\u2019s in the hacker\u2019s best interest to follow through. They don\u2019t want word to get around that &#8230; <a title=\"Double-trouble Ransomware &#8216;Petya&#8217; and &#8216;Mischa&#8217; throw out the rulebook; targets businesses, HR Employees and IT support.\" class=\"read-more\" href=\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\">Read more <span class=\"screen-reader-text\">Double-trouble Ransomware &#8216;Petya&#8217; and &#8216;Mischa&#8217; throw out the rulebook; targets businesses, HR Employees and IT support.<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":19723,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,23],"tags":[164,442,443,444,445,311,389],"class_list":["post-6059","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-interest","category-news","tag-data","tag-defend","tag-mischa","tag-petya","tag-protection","tag-ransomware","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Double-trouble Ransomware &#039;Petya&#039; and &#039;Mischa&#039; throw out the rulebook; targets businesses, HR Employees and IT support.<\/title>\n<meta name=\"description\" content=\"The latest ransomware pair on the block, &#039;Petya&#039; and &#039;Mischa&#039;, are more malicious than their predecessors\u2014and sometimes it doesn&#039;t even help to pay.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Double-trouble Ransomware &#039;Petya&#039; and &#039;Mischa&#039; throw out the rulebook; targets businesses, HR Employees and IT support.\" \/>\n<meta property=\"og:description\" content=\"The latest ransomware pair on the block, &#039;Petya&#039; and &#039;Mischa&#039;, are more malicious than their predecessors\u2014and sometimes it doesn&#039;t even help to pay.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Resilience Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-05-25T23:00:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-05T06:23:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1366\" \/>\n\t<meta property=\"og:image:height\" content=\"486\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Adam Ipsen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adam Ipsen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\"},\"author\":{\"name\":\"Adam Ipsen\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\"},\"headline\":\"Double-trouble Ransomware &#8216;Petya&#8217; and &#8216;Mischa&#8217; throw out the rulebook; targets businesses, HR Employees and IT support.\",\"datePublished\":\"2016-05-25T23:00:55+00:00\",\"dateModified\":\"2024-02-05T06:23:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\"},\"wordCount\":1030,\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg\",\"keywords\":[\"data\",\"Defend\",\"Mischa\",\"Petya\",\"Protection\",\"ransomware\",\"security\"],\"articleSection\":[\"Interest\",\"News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\",\"url\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\",\"name\":\"Double-trouble Ransomware 'Petya' and 'Mischa' throw out the rulebook; targets businesses, HR Employees and IT support.\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg\",\"datePublished\":\"2016-05-25T23:00:55+00:00\",\"dateModified\":\"2024-02-05T06:23:35+00:00\",\"description\":\"The latest ransomware pair on the block, 'Petya' and 'Mischa', are more malicious than their predecessors\u2014and sometimes it doesn't even help to pay.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg\",\"width\":1366,\"height\":486},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.backupassist.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Double-trouble Ransomware &#8216;Petya&#8217; and &#8216;Mischa&#8217; throw out the rulebook; targets businesses, HR Employees and IT support.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"name\":\"Cyber Resilience Blog\",\"description\":\"Protect Your Cloud Data with BackupAssist\",\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.backupassist.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\",\"name\":\"Cyber Resilience Blog\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"caption\":\"Cyber Resilience Blog\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\",\"name\":\"Adam Ipsen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"caption\":\"Adam Ipsen\"},\"url\":\"https:\/\/www.backupassist.com\/blog\/author\/adam-ipsen\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Double-trouble Ransomware 'Petya' and 'Mischa' throw out the rulebook; targets businesses, HR Employees and IT support.","description":"The latest ransomware pair on the block, 'Petya' and 'Mischa', are more malicious than their predecessors\u2014and sometimes it doesn't even help to pay.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data","og_locale":"en_US","og_type":"article","og_title":"Double-trouble Ransomware 'Petya' and 'Mischa' throw out the rulebook; targets businesses, HR Employees and IT support.","og_description":"The latest ransomware pair on the block, 'Petya' and 'Mischa', are more malicious than their predecessors\u2014and sometimes it doesn't even help to pay.","og_url":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data","og_site_name":"Cyber Resilience Blog","article_published_time":"2016-05-25T23:00:55+00:00","article_modified_time":"2024-02-05T06:23:35+00:00","og_image":[{"width":1366,"height":486,"url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg","type":"image\/jpeg"}],"author":"Adam Ipsen","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Adam Ipsen","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#article","isPartOf":{"@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data"},"author":{"name":"Adam Ipsen","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d"},"headline":"Double-trouble Ransomware &#8216;Petya&#8217; and &#8216;Mischa&#8217; throw out the rulebook; targets businesses, HR Employees and IT support.","datePublished":"2016-05-25T23:00:55+00:00","dateModified":"2024-02-05T06:23:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data"},"wordCount":1030,"publisher":{"@id":"https:\/\/www.backupassist.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage"},"thumbnailUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg","keywords":["data","Defend","Mischa","Petya","Protection","ransomware","security"],"articleSection":["Interest","News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data","url":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data","name":"Double-trouble Ransomware 'Petya' and 'Mischa' throw out the rulebook; targets businesses, HR Employees and IT support.","isPartOf":{"@id":"https:\/\/www.backupassist.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage"},"thumbnailUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg","datePublished":"2016-05-25T23:00:55+00:00","dateModified":"2024-02-05T06:23:35+00:00","description":"The latest ransomware pair on the block, 'Petya' and 'Mischa', are more malicious than their predecessors\u2014and sometimes it doesn't even help to pay.","breadcrumb":{"@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#primaryimage","url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg","contentUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2016\/05\/Blog-Header-Image-Generic-2.jpg","width":1366,"height":486},{"@type":"BreadcrumbList","@id":"https:\/\/www.backupassist.com\/blog\/petya-mischa-ransomware-data#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.backupassist.com\/blog"},{"@type":"ListItem","position":2,"name":"Double-trouble Ransomware &#8216;Petya&#8217; and &#8216;Mischa&#8217; throw out the rulebook; targets businesses, HR Employees and IT support."}]},{"@type":"WebSite","@id":"https:\/\/www.backupassist.com\/blog\/#website","url":"https:\/\/www.backupassist.com\/blog\/","name":"Cyber Resilience Blog","description":"Protect Your Cloud Data with BackupAssist","publisher":{"@id":"https:\/\/www.backupassist.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.backupassist.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.backupassist.com\/blog\/#organization","name":"Cyber Resilience Blog","url":"https:\/\/www.backupassist.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","contentUrl":"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg","caption":"Cyber Resilience Blog"},"image":{"@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d","name":"Adam Ipsen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g","caption":"Adam Ipsen"},"url":"https:\/\/www.backupassist.com\/blog\/author\/adam-ipsen"}]}},"_links":{"self":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/6059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/comments?post=6059"}],"version-history":[{"count":2,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/6059\/revisions"}],"predecessor-version":[{"id":19724,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/6059\/revisions\/19724"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media\/19723"}],"wp:attachment":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media?parent=6059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/categories?post=6059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/tags?post=6059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}