MBRFilter: Ransomware threats have increased exponentially, and malware developers have begun to target the MBR (Master Boot Record) in their attacks. In short, such an attack locks the entire computer, not just a few important files.
Cisco Systems' Talos team has released a free, open-source tool that protects a computer's MBR sector from modification by bootkits, ransomware and other malicious attacks.
The Master Boot Record (MBR) is the first sector (512 bytes) of your hard drive. It stores the bootloader, a piece of code responsible for booting the operating system. Technically, the bootloader is the first code executed by the system BIOS, and it tells your computer what to do when it starts up.
Advanced malware, such as rootkits and bootkits, takes advantage of this process to infect computers by modifying the MBR.
A malicious bootkit can install ransomware or other malware into the Windows kernel, where it is almost impossible to detect, and so gain unlimited and unauthorized access to your entire computer.
So the best way to protect your computer from such bootkits is to prevent unauthorized software from replacing your MBR.
Cisco's security team, Talos, has done this with the following free tool.
You can find it here.
The MBRFilter tool is nothing more than a signed system driver that puts the MBR in "read-only" mode and prevents any malware from modifying the MBR data.
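To complement the driver, a copy of the 512-byte sector described above can be compared against a known-good baseline; the following Python code is an added example, not part of MBRFilter or the original article, and it goes beyond the text by also parsing the partition table. It assumes the standard modern MBR layout (440 bytes of boot code, partition table at offset 446, 0x55AA signature in the last two bytes); the function names are hypothetical and the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bootstrap code area on modern MBRs (assumed layout)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # boot signature stored in bytes 510-511
ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA, count


def parse_mbr(sector: bytes) -> dict:
    """Summarize a 512-byte MBR sector so two copies can be compared."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype:  # type 0 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba, count))
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": parts,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Return the names of the MBR regions that differ from the baseline."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    return [key for key in old if old[key] != new[key]]


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    # Constructed byte strings standing in for a saved baseline and a later read.
    clean = make_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 16)
    changed = make_sample_mbr(b"\xeb\x3c\x90" + b"\x90" * 16)
    print("unchanged sector:", diff_mbr(clean, clean))
    print("modified sector: ", diff_mbr(clean, changed))
```

In practice the baseline would be captured from a trusted state of the machine and stored off the disk it describes.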
https://www.youtube.com/watch?v=nLyOi75Wu3A