With schools closed, some students are having fun creating malware to keep themselves occupied. Such appears to be the case with a variety of new MBRLocker variants being released, including one with a coronavirus theme. MBRLockers are programs that replace the “master boot record” of a victim’s system so that it prevents the operating system from starting and then displays a ransom note. Last week, the MalwareHunterTeam discovered a new malware, named “Coronavirus” that, once infected will display a picture of the Coronavirus and then lock users out of Windows after the next system reboot. The malware makes a backup copy of the master boot record before replacing it, so it is possible to restore the system without paying any ransom. Researchers believe the malware is being widely distributed as a “prank” because a program to create customized variants of the MBRLocker has been made freely available on YouTube and Discord.
Analyst Notes
The team at Avast has discovered a workaround for this malware. If a user’s computer is infected with this, then all they have to do is press CTRL+ALT+ESC at the same time. This should allow the system to boot normally. If this works, it is advisable to reset the system if the user has clean and secure backups. The general rule for backups is the 3-2-1 method. Keep three copies of the backup data on two different storage media with one of them being offsite.
To read more: https://www.bleepingcomputer.com/news/security/new-coronavirus-themed-malware-locks-you-out-of-windows/
