With schools closed, some students are having fun creating malware to keep themselves occupied. Such appears to be the case with a variety of new MBRLocker variants being released, including one with a coronavirus theme. MBRLockers are programs that replace the “master boot record” of a victim’s system so that it prevents the operating system from starting and then displays a ransom note. Last week, the MalwareHunterTeam discovered a new malware, named “Coronavirus” that, once infected will display a picture of the Coronavirus and then lock users out of Windows after the next system reboot. The malware makes a backup copy of the master boot record before replacing it, so it is possible to restore the system without paying any ransom. Researchers believe the malware is being widely distributed as a “prank” because a program to create customized variants of the MBRLocker has been made freely available on YouTube and Discord.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased