Tuesday, January 26, 05:37

Wiper malware infects PCs and accuses well-known security researchers


A hacker decided to distribute a wiper malware (MBRLocker) and, in doing so, to accuse two well-known security researchers. The malware locks users out of their computers before Windows starts.

Users are tricked into downloading it as free software (from crack sites). After 24 hours, they find that they can no longer access their computers.

The computer displays a message telling users that they have been infected by Vitali Kremez and MalwareHunterTeam, two of the most well-known security researchers. Of course, the two researchers have nothing to do with this wiper malware.

MBRLocker's full message says:

"Hello, my name is Vitali Kremez. I have infected the idiot computer you. You idiot.

Send me to twitter @ VK_intel if you want your computer back.

If I don't answer, send to twitter.com/malwrhunterteam.

For the protection Install SentinelOne antivirus software on your computer. I work here as head of laboratories.

Vitali Kremez Inc. () 2020 ″.

There is another variant of the malware, called SentinelOne Labs Ransomware, which accuses only Vitali Kremez. This variant reveals Kremez's e-mail addresses and phone number.

The text of this variant states:

~ SentinelOne Labs Ransomware ~

Your system was unprotected, so we disabled access to Windows.

You will need to purchase the SentinelOne antivirus to restore your computer.

My name is Vitali Kremez. My contact details are as follows:

Phone: XXX

Email 1: XXX

Email 2: xxx

After you buy my antivirus, I will send you a password to unlock the computer.

Enter unlock code: _ ”.


These infections are called MBRLockers, as they replace a computer's "master boot record", preventing the operating system from starting. They then display a message, most likely asking for a ransom.

This type of infection is usually associated with ransomware attacks (e.g. Petya) or simply acts as destructive wiper malware, blocking users' access to their files.

In this case, it seems that some hacker wanted to tarnish the names of Kremez and MalwareHunterTeam. A kind of prank.

Neither of the two researchers is involved in these attacks in any way.

Computer access can be recovered

Recently, a number of new MBRLockers have appeared that seem to be created for "fun" or as part of a "prank".

Recently, various MBRLockers were created using a tool that is publicly available on YouTube and Discord. It is believed that this tool was also used for the wiper malware that blamed Kremez and MalwareHunterTeam.

When an MBRLocker is created with this tool, the malware first makes a backup of the computer's original MBR to a secure location.

If this wiper malware uses the same MBRLocker builder, then it may be possible to recover the MBR, and therefore regain access to the computer.

In one sample, it was possible to restore the MBR by simultaneously pressing the CTRL + ALT + ESC keys. We do not yet know if this method is effective in this case as well.
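Since these lockers work by replacing the master boot record, a defender who kept a copy of the clean first sector can tell which part of it was overwritten. The following is an added example, not code from the article or from the locker's builder: it parses the standard 512-byte MBR layout and compares a current sector against a saved baseline. The sector contents, the function names and the case where only the boot code changes are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 446           # bytes 0-445: bootstrap code
TABLE_END = 510          # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature

def parse_partitions(sector):
    """Return the used partition entries of a 512-byte MBR sector."""
    used = []
    for i in range(4):
        raw = sector[CODE_END + 16 * i:CODE_END + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            used.append({"slot": i, "active": status == 0x80, "type": ptype,
                         "lba_start": lba_start, "sectors": count})
    return used

def compare_mbr(baseline, current):
    """Report which regions of the current sector differ from the baseline."""
    if len(baseline) != SECTOR or len(current) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    return {
        "signature_ok": current[TABLE_END:] == SIGNATURE,
        "boot_code_changed": baseline[:CODE_END] != current[:CODE_END],
        "table_changed": baseline[CODE_END:TABLE_END] != current[CODE_END:TABLE_END],
        "sha256": hashlib.sha256(current).hexdigest(),
    }

def build_sector(code_byte, entries):
    """Build a constructed test sector: filler boot code plus given entries."""
    table = b"".join(entries).ljust(64, b"\x00")
    return bytes([code_byte]) * CODE_END + table + SIGNATURE

# Constructed sample data: one active NTFS-type (0x07) partition at LBA 2048.
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
BASELINE = build_sector(0x90, [ENTRY])     # sector saved while the machine was clean
OVERWRITTEN = build_sector(0xCC, [ENTRY])  # constructed case: boot code replaced, table untouched

if __name__ == "__main__":
    print(parse_partitions(BASELINE))
    print(compare_mbr(BASELINE, OVERWRITTEN))
```

A result with `boot_code_changed` true and `table_changed` false means the partition layout is still intact, so restoring the saved sector is enough to make the disk bootable again.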

