Threat Watch

MBRLocker Ransomware on Rise, Taunts Researchers

Researchers at SentinelLabs have recently reported a surge of MBRLocker variant malware.  MBRLocker malware overwrites the Master Boot Record (MBR), which handles booting the operating system on startup.  By modifying this buffer of data, attackers can prevent a computer from booting entirely. Recently, a newly discovered MBRLocker sample taunted Vitali Kremez, the lead researcher of SentinelLabs, by claiming to originate from him and asking victims to contact him on Twitter.  Additionally, the malware analysis team, malwarehunterteam was also taunted by the threat actors. 

ANALYST NOTES

This malware is typically spread through illegitimate “cracked” software distributions. Binary Defense recommends never installing any cracked software. Additionally, practicing strong backup policies can help make cleanup from this malware type easier, as the most common solution to an MBRLocker infection is to reformat the computer. Some MBRLocker variants create a backup of the Master Boot Record before overwriting it, so it may be possible to recover the computer’s normal operation by restoring the MBR from the backup. To keep backup data safe, consider the 3-2-1 rule: Keep 3 copies of backup data, stored on 2 different physical media, with 1 stored offsite.

https://www.sentinelone.com/blog/mbrlocker-wiper-malware-destructive-pranks-are-no-joke-for-victims/

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch
Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support