Two new Ransomwares have surfaced

It isn't unusual to hear about a ransomware problem. Ransomware is malware that takes control of your computer and then demands money before it is handed back. The latest one to appear actually infects the Master Boot Record (MBR), and that can be a real problem. Here are the details from the Majorgeeks.com Malware Team:

The first:

This latest form of ransomware is crafted to stop you from booting your system. It does so by inserting itself into the MBR (Master Boot Record). It then restarts the system and instructs the victim to pay a ransom (the equivalent of 90 euros) to the payment service QIWI. The malware seems to originate from the Ukraine.

If victims pay the ransom, the criminals then send a code to unlock the system. Victims can save themselves the ransom by following the instructions for fixing their MBR: boot into the recovery console and run the fixmbr command (for Vista and Win7, run Bootrec.exe /fixmbr).

According to Trend Micro, who discovered this latest scam, this form of ransomware is spread via web sites or by other malware. MBR-infecting malware has existed since 2010, but this is the first time it has been used as ransomware. Most of the previous BKA-style trojans rely on autostart or special registry entries to hook themselves into the system.
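As an added illustration (not part of the MajorGeeks write-up or Trend Micro's analysis), the Python script below shows the defender's side of the MBR angle described above: it parses a 512-byte boot sector, hashes the boot-code region and compares it against a baseline captured while the machine was known-good, so an overwrite is flagged by a routine check rather than discovered at the ransom screen. All sector contents, hashes and the partition layout are constructed for the example, and `make_sample_mbr`, `parse_mbr` and `check_mbr` are hypothetical names, not tools from the post.

```python
"""Parse a 512-byte Master Boot Record and compare it against a known-good
baseline, so an overwritten boot sector is spotted before the next reboot.

Added example; the sample sector below is constructed for the demo.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot code
PART_TABLE_OFF = 446          # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# Constructed stand-in for a clean boot sector: the first bytes resemble a
# typical BIOS bootstrap prologue (cli / xor ax,ax / mov ss,ax / mov sp,0x7c00).
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x00")
# Constructed stand-in for an overwritten loader: a tight jump plus filler.
TAMPERED_BOOT_CODE = b"\xeb\xfe".ljust(BOOT_CODE_LEN, b"\x90")

# In real use this hash is captured from the machine while it is known-good
# and stored somewhere the malware cannot reach (e.g. a central inventory).
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()


def make_sample_mbr(tampered: bool = False) -> bytes:
    """Build a constructed 512-byte sector with one active NTFS partition."""
    boot_code = TAMPERED_BOOT_CODE if tampered else CLEAN_BOOT_CODE
    # status 0x80 = bootable, type 0x07 = NTFS, LBA start 2048, 204800 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)   # three unused entries
    return boot_code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector into boot-code hash, partition entries and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_LEN])
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[MBR_SIZE - 2:] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    # A status byte other than 0x00 or 0x80 means the table itself is damaged.
    for i in range(4):
        status = sector[PART_TABLE_OFF + i * PART_ENTRY_LEN]
        if status not in (0x00, 0x80):
            findings.append(f"partition entry {i} has invalid status byte {status:#x}")
    return findings


if __name__ == "__main__":
    # On a live system the sector would be the first 512 bytes read from the
    # disk device (\\.\PhysicalDrive0 on Windows, /dev/sda on Linux).
    for label, sector in (("clean", make_sample_mbr()),
                          ("tampered", make_sample_mbr(tampered=True))):
        print(label, check_mbr(sector, BASELINE_SHA256) or ["ok"])
```

The check deliberately hashes only the 446-byte boot-code region rather than the whole sector, because legitimate partitioning tools rewrite the table while leaving the bootstrap code alone; a baseline over the full sector would raise a false alarm on every partition change.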

If you are infected by this new form of ransomware, contact the MajorGeeks Malware team for further instructions on how to fix your MBR.

The Second:
This new ransomware is a hybrid that tries to convince users that they are about to be sued for violating the new SOPA (Stop Online Piracy Act). The solution is for the user to purchase a fake anti-virus program. (Source: http://majorgeeks.com/story.php?id=34205)

The ransomware purports to have detected illegal torrent files on the user's computer and offers to circumvent the problem by activating an anonymous data transfer protocol.

Malwarebytes was the first to detect this SFX Fake AV program. The fake program disables your real AV software, shuts down Process Explorer and impedes browser access. It then demands credit card info as payment for the fake security solution.

“SFX Fake AV is morphing at a relatively fast rate, so it is something that signature-based vendors will have to watch out for as there will be an increasing number of variants in the wild,” Bruce Harrison of Malwarebytes told The Register. “Also, the use of Dropbox as a delivery mechanism is something that the industry is going to have to take into account and protect against, as it is an emerging trend.”

SOPA was eventually shelved altogether following a loss of support from various influential corporations and a significant public outcry. Needless to say, you can’t get sued (or prosecuted) for violating a bill that never became law.

If you have been infected with this new ransomware, contact the MajorGeeks Malware team.