NotPetya is a variant of the Petya ransomware that appeared in June 2017
in Ukraine. These malwares have the particularity to rewrite the MBR of computers
that are still using an old fashioned BIOS-based booting system. This MBR
encrypts the Master File Table (MFT) of the underlying NTFS partition
Synacktiv, Airbus, Medallia and
Quarkslab joined their efforts to show how we can
decrypt NotPetya's bootloader encryption using previous vulnerabilities
found in iLO 4. Download the whitepaper!