
New ransomware, old techniques: Petya adds worm capabilities - r721
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
======
nuclx
The article should be more precise about when the actual encryption is
happening. To my knowledge it is performed only after rebooting. Am I right to
assume, that if for some reason the machine is powered off before booting up
again, or if it is unable to boot up due to drive encryption, raid or other
circumstances (i.e. the checkdisk and ransomware screens are not displayed),
the drive is fully restorable by recovering the MBR/VBR?

