MBRFilter: Ransomware threats have grown exponentially, and malware developers have begun to make use of the MBR (Master Boot Record) in their attacks. In short? The entire computer gets locked, and not just a few folders with important files.
The Talos team at Cisco Systems has released a free, open-source tool that protects a computer's MBR sector from modification by bootkits, ransomware, and other malicious attacks.
The Master Boot Record (MBR) is the first sector (512 bytes) of your hard drive. It stores the bootloader, a piece of code that is responsible for booting the operating system. Technically, the bootloader is the first code that the system BIOS executes, and it tells your computer what to do when it starts.
Advanced malware, such as rootkits and bootkits, takes advantage of this process to infect computers by modifying the MBR.
Boot-time malware, or a bootkit, can install ransomware or other malware into the Windows kernel, where it is almost impossible to detect, thus gaining unlimited and unauthorized access to your entire computer.
So, the best way to protect your computer from such bootkits is to prevent unauthorized software from overwriting your MBR.
Talos, the Cisco security team, has done this with the following free software.
You can find it here.
The MBRFilter tool is nothing more than a signed system driver that puts the MBR in a "read-only" state and prevents any malware from modifying the data in the MBR sector.
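A write-blocking driver can be complemented by a check that the MBR still matches a known-good copy. The sketch below is an added example, not part of MBRFilter or of Talos's code: it parses a 512-byte sector, hashes the bootstrap code area and compares it to a baseline. It assumes the common modern layout (boot code in bytes 0-439, disk signature at 440, partition table at 446), and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440           # bytes 0-439: bootstrap code (modern layout)
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511
ENTRY_FMT = "<B3xB3xII"       # status, CHS (skipped), type, CHS, LBA start, count


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into its fields and hash the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, sector[start:start + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return human-readable findings; an empty list means no change."""
    findings = []
    if not current["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector (not read from a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[446:462] = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0"))     # constructed
    tampered = parse_mbr(build_sample_mbr(b"\xeb\x3c\x90\x00\x00"))  # constructed
    print(compare_to_baseline(clean, tampered))
```

In practice the baseline would be recorded from a disk image or raw-disk read taken while the system is known to be clean, and stored off the machine being checked.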
https://www.youtube.com/watch?v=nLyOi75Wu3A