New Ransomware that blocks booting
Contributed by: Email on 04/14/2012 01:37 PM
[
Comments
]
This latest form of ransomware is crafted to stop you from booting your system. It does so by inserting itself into the MBR ( Master Boot Record ). It will then restart your system and instruct the victim to pay a ransom ( the equivalent of 90 euros ) to the payment service QIWI. The malware seems to originate from the Ukraine.
If victims pay the ransom, the criminals then send a code to unlock the system. Victims can save themselves the ransom by following the instructions for fixing their MBR by booting into the recovery console and running the fixmbr command ( for Vista and Win7, run the Bootrec.exe /fixmbr ).
According to Trend Micro, who discovered this latest scam, this form of ransomware is spread via web sites or by other malware. Malware has been written since 2010 to infect the MBR, though this is the first time that it is ransomware. Most of the previous BKA-style trojans rely on autostart or special registry entries to hook themselves into the system.
If you are infected by this new form of ransomware, contact the MajorGeeks Malware team for further instructions on how to fix your MBR.
If victims pay the ransom, the criminals then send a code to unlock the system. Victims can save themselves the ransom by following the instructions for fixing their MBR by booting into the recovery console and running the fixmbr command ( for Vista and Win7, run the Bootrec.exe /fixmbr ).
According to Trend Micro, who discovered this latest scam, this form of ransomware is spread via web sites or by other malware. Malware has been written since 2010 to infect the MBR, though this is the first time that it is ransomware. Most of the previous BKA-style trojans rely on autostart or special registry entries to hook themselves into the system.
If you are infected by this new form of ransomware, contact the MajorGeeks Malware team for further instructions on how to fix your MBR.
Comments
