This Wiper Malware Locks Down Your PC And Frames Security Researchers For The Crime
It appears as though even malware authors are going a little stir crazy during this time of recommended isolation. One of the newest PC infections making the rounds is a nasty piece of 'wiper' malware that effectively locks victims out of their computers, and displays a message giving false credit for the infection to a pair of renowned security researchers.
The type of infection going around is referred to as an MBRLocker. What this type of malware does is overwrite the master boot record (MBR), the first sector of the disk, which holds both the boot code and the partition table, so that the operating system (OS) no longer loads. Some strains go the extra mile by encrypting the partition table as well, which leaves the victim unable to access their files or rebuild the MBR without paying a ransom for a key.
According to BleepingComputer, there has been a "flurry of new MBRLocker being released that appear to be created for 'fun' or as part of 'pranks' created using a tool that is being promoted on YouTube and Discord." This same tool appears to have been used for this latest MBRLocker strain.
It is believed that the infection is spreading through free software and crack sites. After locking a victim out of their PC, a message appears pinning the blame on either Vitali Kremez or MalwareHunterTeam, both well-known security researchers.
One of the messages is rather rude, calling the victim an "idiot" and encouraging the user to contact the security researchers on their respective Twitter accounts. The other version discloses Kremez's email addresses and phone number.
To be clear, Kremez and MalwareHunterTeam are not behind these MBRLockers, despite what the messages state.
Fortunately, it might be possible to recover a PC that is infected with one of these strains. MBRLockers created with the free tool mentioned above make a backup copy of the original MBR and store it in a safe location. And in one instance, there was also a fail-safe keyboard combination (CTRL + ALT + ESC) that would write the original MBR back so the PC would boot properly.
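As an added example (not code from this article, from BleepingComputer, or from the MBRLocker builder tool), the following Python shows what the sector described above looks like and what a locker changes in it: it parses a 512-byte MBR, sanity-checks the boot signature and partition table on its own, and then compares the sector against a backup copy to classify whether only the boot code was replaced or the partition table was altered too. The three sample sectors are constructed for illustration, not captured from any real infection, and since the location where the tool stores its backup is not known here, the functions simply take the sector bytes as arguments.

```python
"""Parse a 512-byte MBR, sanity-check it, and compare it with a backup copy."""
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # x86 boot code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446  # four 16-byte primary partition entries
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510        # last two bytes must be 0x55 0xAA
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partitions(mbr: bytes) -> list:
    """Return the four primary partition entries as dicts (empty ones included)."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % MBR_SIZE)
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS first sector, type, CHS last sector, LBA start, sector count
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PARTITION_ENTRY_SIZE])
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr: bytes) -> list:
    """Problems visible in the sector by itself, without any backup to compare to."""
    problems = []
    if mbr[SIGNATURE_OFFSET:] != BOOT_SIGNATURE:
        problems.append("boot signature 0x55AA missing")
    live = [e for e in parse_partitions(mbr) if e["type"] != 0]
    if not live:
        problems.append("partition table contains no entries")
    for e in live:
        if e["status"] not in (0x00, 0x80):   # only 'inactive' and 'bootable' are valid
            problems.append("invalid status byte 0x%02x" % e["status"])
        if e["sectors"] == 0:
            problems.append("zero-length partition of type 0x%02x" % e["type"])
    return problems


def compare_with_backup(current: bytes, backup: bytes) -> str:
    """Classify how the current sector differs from a trusted backup copy."""
    if current == backup:
        return "intact"
    same_code = current[:BOOTSTRAP_SIZE] == backup[:BOOTSTRAP_SIZE]
    same_table = (current[PARTITION_TABLE_OFFSET:SIGNATURE_OFFSET]
                  == backup[PARTITION_TABLE_OFFSET:SIGNATURE_OFFSET])
    if same_table and not same_code:
        return "bootstrap code replaced, partition table intact"
    if not same_table:
        return "partition table altered"
    return "boot signature altered"


def _build_mbr(bootstrap: bytes, table: bytes) -> bytes:
    """Assemble a sector from boot code, partition table bytes and the signature."""
    return bootstrap.ljust(BOOTSTRAP_SIZE, b"\x00") + table.ljust(64, b"\x00") + BOOT_SIGNATURE


# Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048, 100 MiB long.
GOOD_TABLE = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
ORIGINAL_MBR = _build_mbr(b"\xfa\x33\xc0\x8e\xd0", GOOD_TABLE)
# Constructed "locker" sector: its own boot code, original partition table left in place.
LOCKER_MBR = _build_mbr(b"\xeb\x3c\x90LOCKED", GOOD_TABLE)
# Constructed "wiper" sector: boot code replaced and the table XOR-scrambled as well.
WIPED_MBR = _build_mbr(b"\xeb\x3c\x90LOCKED", bytes(0xA5 ^ b for b in GOOD_TABLE))


if __name__ == "__main__":
    for name, sector in (("original", ORIGINAL_MBR), ("locker", LOCKER_MBR), ("wiper", WIPED_MBR)):
        print(name, "self-check:", check_mbr(sector) or "no problems found",
              "| vs backup:", compare_with_backup(sector, ORIGINAL_MBR))
```

The point of the two checks is that a locker which only swaps the boot code passes `check_mbr` cleanly, because the signature and partition table are still valid; only the comparison against a known-good copy reveals the change. On a Linux rescue system the live sector can be read with `dd if=/dev/sda bs=512 count=1`, and writing a backup sector back over the drive is exactly the restore step the article describes, but it should only be done after confirming that the backup's partition table parses sensibly and was taken from that same disk.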
That said, it's not entirely clear whether these specific versions follow the same trend. Stay safe out there folks, and be cautious about what you are downloading and where you are downloading it from.