Aha, looks like SteadyState accomplishes the same thing. Very cool! I wonder how... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		musesum on April 23, 2016 \| parent \| context \| favorite \| on: Reversing the Petya ransomware with constraint sol... Aha, looks like SteadyState accomplishes the same thing. Very cool! I wonder how a Windows Restore Point is defeated? Because it is in the same partition?

rzzzt on April 23, 2016 [–]

Malware can disable System Restore and delete existing restore points if the user account they are running under has the rights to do so. I think the Cryptolocker variants did this, but not sure...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact