A malicious actor is trying to discredit two of the more well-known personalities in cybersecurity circles by including their names in a note that accompanies a new MBRLocker that has been making the rounds.
MBR stands for master boot record. This malware replaces the MBR which effectively stops the computer’s operating system from restarting. Instead when the computer attempts to restart a profanity-laced plain text note appears saying the computer problems come courtesy of Security researcher Vitali Kremez and MalwareHunterTeam, reported Bleeping Computer researchers.
There is another version of the note the adds the name the security company SentinelOne stating “you need to buy SentinelOne antivirus in order to restore you computer” but then says Kremez must be contacted using one of the two supplied emails to again gain access to the computer.
Neither Kremez, MalwareHunterTeam or SentinelOne are in any way responsible for what is taking place.
The malware itself is reportedly hidden in programs downloaded from free software and crack websites. It does not ask for a ransom, but seems to be a throwback type attack that were launched merely for the enjoyment of the threat actor.
Why exactly the attacker is trolling these three names is not known.
MBRLockers usage is on the rise thanks to a publicly available tool. This may be good news as this MBRLocker variant creates and stores a backup of the original MBR enabling some people to regain access.
“In one sample, there was also a fail-safe keyboard combination of pressing the CTRL+ALT+ESC keys at the same time to restore the MBR and boot the computer. Unfortunately, we have not been able to get the sample of this malware as of yet to determine if it’s the same builder or if the keyboard combination works,” Bleeping Computer said.
However, Kremez tweeted a full recovery might not be possible.