Tuesday, August 11, 15:53

Wiper malware infects PCs and accuses well-known security researchers


A hacker has been distributing a wiper malware (an MBRLocker) that accuses two well-known security researchers. The malware locks users out of their computers before Windows starts.

Users are tricked into downloading free software (from crack sites). After 24 hours, they find that they can no longer access their computers.

The computer displays a message telling users that they have been infected by Vitali Kremez and MalwareHunterTeam, two of the most well-known security researchers. Of course, the two researchers have nothing to do with this wiper malware.

MBRLocker's full message says:

"Hello, my name is Vitali Kremez. I've infected the idiot computer you. You idiot.

Send me to twitter @VK_intel if you want your computer back.

If I don't answer, send to twitter.com/malwrhunterteam.

For the protection Install SentinelOne antivirus software on your computer. I work here as head of laboratories.

Vitali Kremez Inc. () 2020".

There is another variant of the malware, called “SentinelOne Labs Ransomware”, which accuses only Vitali Kremez. This variant reveals Kremez's e-mail addresses and phone number.

The text of this variant states:

“~ SentinelOne Labs Ransomware ~

Your system was unprotected, so we disabled access to Windows.

You will need to purchase the SentinelOne antivirus to restore your computer.

My name is Vitali Kremez. My contact details are as follows:

Phone: XXX

Email 1: XXX

Email 2: xxx

After you buy my antivirus, I will send you a password to unlock the computer.

Insert unlock code: _ ”.

These infections are called MBRLockers, as they replace the “Master boot record” of a computer, preventing the operating system from starting. They then display a message, most likely asking for a ransom.

This type of infection is usually associated with ransomware attacks (e.g. Petya) or simply acts as destructive wiper malware, blocking users' access to their files.

In this case, it seems that a hacker wanted to tarnish the names of Kremez and MalwareHunterTeam. A kind of prank.

Neither of the two researchers is involved in these attacks in any way.

Computer access can be recovered

Recently, a number of new MBRLockers have appeared that seem to be created for "fun" or as part of a "prank".

Recently, various MBRLockers were created using a tool that is publicly available on YouTube and Discord. It is believed that this tool was also used for the wiper malware that blamed Kremez and MalwareHunterTeam.

When an MBRLocker is created with this tool, the malware first backs up the computer's original MBR to a secure location.

If this wiper malware uses the same MBRLocker builder, then it may be possible to recover the MBR, and therefore regain access to the computer.

In one sample, it was possible to restore the MBR by simultaneously pressing the CTRL + ALT + ESC keys. We do not yet know if this method is effective in this case as well.
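A defender-side check for the MBR replacement described above, as an added example that is not part of the original article: it compares a known-good 512-byte copy of sector 0 with the current one and reports whether only the boot code was replaced or the partition table was damaged too. The function names and the sample sectors are constructed for illustration, and it assumes both sector images were captured beforehand with your own imaging tool.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 446)     # bootstrap code area (disk signature sits at 440-443)
PART_TABLE = slice(446, 510)  # four 16-byte partition entries
SIGNATURE = slice(510, 512)   # must be 55 AA for a bootable MBR


def parse_partitions(sector):
    """Return the non-empty partition entries of an MBR sector."""
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def compare_mbr(baseline, current):
    """Report which regions of the current MBR differ from the baseline."""
    for name, sector in (("baseline", baseline), ("current", current)):
        if len(sector) != SECTOR:
            raise ValueError(f"{name} must be exactly {SECTOR} bytes")
    return {
        "boot_code_changed": baseline[BOOT_CODE] != current[BOOT_CODE],
        "partition_table_changed": baseline[PART_TABLE] != current[PART_TABLE],
        "signature_valid": current[SIGNATURE] == b"\x55\xaa",
        "baseline_sha256": hashlib.sha256(baseline).hexdigest(),
        "current_sha256": hashlib.sha256(current).hexdigest(),
        "partitions": parse_partitions(current),
    }


def build_sample(boot_fill):
    """Constructed sector: filler boot code, one bootable NTFS entry, 55 AA."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes([boot_fill]) * 446 + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    good = build_sample(0x90)      # constructed "original" MBR
    replaced = build_sample(0xCC)  # constructed MBR with different boot code
    for key, value in compare_mbr(good, replaced).items():
        print(f"{key}: {value}")
```

If only `boot_code_changed` is true, the partition layout is still intact, so writing back the saved boot sector is a candidate recovery step; a changed partition table means data recovery needs more than the MBR backup.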

