
MBRCodes Ransomware

Posted: February 1, 2019

The MBRCodes Ransomware is a new version of the Xorist Ransomware, a file-locker Trojan whose construction kit lets criminals create their own variants. Users can keep their files safe by backing them up to other, protected locations instead of relying on local backups that the MBRCodes Ransomware can delete or encode. Always have your preferred anti-malware product remove or isolate the MBRCodes Ransomware before proceeding with any file-recovery strategies you require.

A Trojan Whose Code is More than a Little Familiar

The Xorist Ransomware assembly line is, unsurprisingly, continuing its productivity, after already showing off variants like the Mcafee Ransomware, Vaca Ransomware, PrOtOnIs Ransomware, and TaRoNiS Ransomware. Another version, which owes its discovery to ID Ransomware's creator and cyber-security researcher, may be pretending that its attacks consist of more than 'only' encryption. The surface-level symptoms of the MBRCodes Ransomware could trick its victims into thinking that the operating system itself is under attack.

The Brazil-targeting MBRCodes Ransomware campaign includes all of the usual features of Xorist Ransomware's configurable kit, which lets criminals block files, usually in return for money. The features that malware researchers routinely highlight as crucial for visibility or data security reasons include:

  • The MBRCodes Ransomware can lock files by using either XOR or TEA algorithms, which may or may not be decryptable by current, third-party tools. Media, including documents, images, downloads and desktop files, are highly at risk.
  • The MBRCodes Ransomware adds 'mbrcodes' extensions to the names of the above content. Since the MBR or Master Boot Record is a critical Windows component, this choice could be the threat actor's attempt at making the MBRCodes Ransomware's damages seem more invasive than they are.
  • Like most file-locking Trojans, the MBRCodes Ransomware also comes with the risk of erasing any backups that are accessible locally, including, most importantly, the Windows Shadow Volume Copies.
  • A Portuguese-language text message gives the victim the threat actor's ransoming demands, but the amount is not yet trackable by malware experts. The instructions' warning regarding data loss is, as usual, non-factual.
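
As an added example (not part of the original article or of any tool it mentions), the Python sketch below inventories files carrying the 'mbrcodes' extension described above, so that the affected data can be scoped and matched against backups. It assumes the extension is appended as a final `.mbrcodes` suffix; the function name and the constructed sample tree are illustrative.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".mbrcodes"  # assumption: the extension is appended as the final suffix


def inventory_locked_files(root):
    """Walk root and summarise files whose names end with the marker extension."""
    by_original_ext = Counter()
    by_directory = Counter()
    total_bytes = 0
    paths = []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            full = Path(dirpath) / name
            try:
                size = full.lstat().st_size
            except OSError:
                continue  # unreadable or removed mid-scan: skip, do not abort
            original = name[: -len(MARKER)]  # file name before the marker was added
            ext = Path(original).suffix.lower() or "(none)"
            by_original_ext[ext] += 1
            by_directory[dirpath] += 1
            total_bytes += size
            paths.append(str(full))
    return {
        "count": len(paths),
        "total_bytes": total_bytes,
        "by_original_ext": dict(by_original_ext),
        "by_directory": dict(by_directory),
        "paths": sorted(paths),
    }


if __name__ == "__main__":
    # Constructed sample tree, built in a temporary directory for demonstration.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "Desktop").mkdir()
        (Path(tmp) / "Desktop" / "invoice.pdf.mbrcodes").write_bytes(b"\x00" * 64)
        (Path(tmp) / "Desktop" / "untouched.txt").write_bytes(b"ok")
        report = inventory_locked_files(tmp)
        print(report["count"], "renamed file(s),", report["total_bytes"], "bytes")
        for ext, n in sorted(report["by_original_ext"].items()):
            print(f"  {ext}: {n}")
```

Run it read-only against the affected profile or a mounted disk image; the per-directory and per-extension counts show which backup sets need restoring.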

Getting Rid of the MBRCodes Ransomware will not Require Repairing Windows

Alternative boot-up procedures can be helpful for terminating all non-essential programs temporarily, including threatening ones, while the users disinfect their PCs. However, the MBRCodes Ransomware does not appear to be hijacking or damaging the MBR, and malware experts don't expect the victims to have any need of repairing the Windows OS. Despite this silver lining, the MBRCodes Ransomware does harm other media files in ways that aren't always fixable.

Brazilian Windows users should be mindful of all of the standard pathways for infections, including torrents, e-mail attachments, and leaving scripts enabled while browsing the Web. Network admins also should monitor their logins and settings for weaknesses worth hardening. A strong anti-malware product may delete the MBRCodes Ransomware without trouble but can't decrypt files, which calls for a Xorist Ransomware-specific decryptor.

The MBRCodes Ransomware may not destroy your MBR like the equally-recent Teeny Ransomware, but cleaning up after the damage it can do isn't easy. Users would better serve their PCs and files by not clicking on unsafe content and by using backups, instead of hoping that security tools can fix their mistakes every time.
