MBRFilter: Ransomware threats have grown exponentially, and malware developers have begun to make use of the MBR (Master Boot Record) in their attacks. In short? The entire computer is locked, not just a few folders with important files.
The Talos team at Cisco Systems has released a free, open source tool that protects the MBR sector of computers from modification by bootkits, ransomware and other malicious attacks.
The Master Boot Record (MBR) is the first sector (512 bytes) of your hard drive and stores the bootloader, a piece of code that is responsible for booting the operating system. Technically, the bootloader is the first code executed by the system BIOS, and it tells your computer what to do when it starts.
Advanced malware programs, such as rootkits and bootkits, exploit this process to infect computers by modifying the MBR.
A malicious bootloader, or bootkit, can install ransomware or other malware into the Windows kernel, where it is almost impossible to detect, and so gains unrestricted and unauthorized access to your entire computer.
So, the best way to protect your computer from such bootkits is to restrict your MBR from being replaced by unauthorized software.
Cisco's security team, Talos, has done this with the following free tool.
You can find it here.
The MBRFilter tool is nothing more than a signed system driver that puts the MBR in "read-only" mode and prevents any malware from modifying the data in the MBR sector.
https://www.youtube.com/watch?v=nLyOi75Wu3A