14 DAY TRIAL // Experts have found a piece of ransomware that, unlike previous variants, doesn’t settle with blocking the computer’s desktop. Instead, it infects the master boot record (MBR), taking it hostage to prevent the operating system from loading.
Trend Micro researchers determined that the malware replaces the original MBR with its own code. After the system is reset, a process done automatically once the malicious element finds its way to the MBR, a message in Ukrainian is displayed.
Identified as TROJ_RANSOM.AQB, the Trojan demands the payment of a certain amount of money in Ukrainian grivna (Ukrainian currency) via QIWI, an online payment service.
Just below the message that demands the ransom, there’s an “Enter code” prompt in which the unlock code can be input once the fine is paid.
In this particular scenario, the code really works. Once it’s inserted, the MRB is cleaned.
However, this doesn’t mean that users should pay the crooks money in order to remove the infection. Instead, they should use a rescue disk provided by antivirus software vendors, or ask for professional help.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1