The master boot record
(MBR) consists of executable code that's stored in the first sector (sector 0) of a hard disk drive and launches the operating system's boot loader.
When the PC is turned on or rebooted, the program loads from the master boot record
and asks for the user's password.
It infects the boot sector on a floppy disk and spreads to a user's hard drive and can infect the master boot record
(MBR) on a hard drive.
John Miller, senior manager, Analysis, FireEye, said, "Petya belongs to the ransomware family that is atypical in that the malware does not encrypt individual files on victims' systems, but instead overwrites the master boot record
(MBR) and encrypts the master file table (MFT), which renders the system inoperable until the ransom has been paid.
Encryption is at a low level using the master file tree tables for the new technology file system and overwrites the master boot record
with a ransomware warning.
Once executed, Petya overwrites a machine's master boot record
with a custom boot loader that begins the process of encrypting a system's files on reboot.
Meanwhile, new threats attacking the master boot record
increased by 49 per cent in the first quarter of the year, while ransmware sample counts dropped for three straight quarters and botnet providers included virtual currency mining capabilities with their services, reflecting the increasing popularity of digital currencies such as Bitcoin, it added.
The same Jpeg fragment is used to overwrite the master boot record
of targeted hard drives, an almost comic device to use in such a serious attack.
Such attacks occur before the operating system (OS) loads, targeting the system BIOS and Master Boot Record
(MBR), and can persistently infect higher-level system functions including operating systems and applications.
payload which can overwrite files and the Master Boot Record
(MBR) of the
Hidden from Windows OS, an entry into the Master Boot Record
(MBR) ensures that this software always loads prior to loading the OS.