Forget cybercriminals out to steal your money and credentials. Security researchers are now finding more malware intent on rewriting master boot records and wiping file systems.
Organizations today don’t need another thing to worry about with the coronavirus. And yet, here it is! Security researcher Vitali Kremez discovered a new malware variant using COVID-19 as its theming has been seen that in some cases pretends – yes, pretends to be ransomware. It rewrites the endpoint’s MBR and upon bootup posts a message that the machine has been infected with ransomware.
With a little help from some bootup tools, it’s relatively easy to fix this and put the MBR back as it should, allowing the machine to boot normally.
But MalwareHunterTeam has spotted another variant in the wild in Italy that also looks to (albeit inefficiently) delete the files on an endpoint.
No idea why someone would go through such trouble to create destructive malware when there’s no monetization scheme. Whether a joke or intended for espionage, these kinds of malware can kill IT and user productivity, hurting the organization.
While these examples of malware are nowhere near as destructive as some of the other attacks we’ve seen recently, it’s still important to educate users to not click on attachments from unknown, unexpected, or unsolicited senders. Security Awareness Training can help minimize the human attack surface within an organization, reducing the likelihood that attacks and scams using social engineering can trick users into engaging with malicious content.