Petya Ransomware arrives via Dropbox as a Resume.

Petya Ransomware arrives via Dropbox as a Resume.

Victims receive an email tailored to look and read like a business-related resume from an applicant seeking a position in a company. It would present users with a hyperlink to a Dropbox storage location, which supposedly would let the user download said applicant’s CV.

Once executed, Petya overwrites the MBR of the hard drive, causing Windows to crash and display a blue screen. Should the user try to reboot his PC, the modified MBR will prevent him from loading Windows normally and instead greet him with an ASCII skull and an ultimatum: pay up with a certain amount of bitcoins or lose access to your files and computer.

The edited MBR also disallows restarting in Safe Mode.