MBRFilter: Ransomware threats have grown exponentially and malware developers (malware) have started making use of the MBR (Master Boot Record) in their attacks. In a few words; Locks the entire computer and not just a few tabs with important files.
The Talos team at Cisco Systems has released a free, open source tool code which protects computers' MBR sector from being modified by bootkits, ransomware and other malicious attacks.
This Master Boot Record (MBR) is the first partition (512 bytes) on your hard drive that the bootloader stores, a piece of code that is responsible for booting the operating system. Technically, Bootloader is the first code that is executed by the system BIOS and tells your computer what to do when it starts.
Advanced malware, such as rootkit and bootkit, take advantage of this process to infect computers by modifying the MBR.
A malicious bootkit, has the ability to install ransomware or other malware into the Windows kernel, which is almost impossible to detect, thus gaining unlimited and unauthorized access to your entire computer.
So, the best way to protect your computer from such bootkits is to restrict your MBR from being replaced by unauthorized software.
The Cisco security team, Talos team, has done this with the following freeware software.
You can find it here.
The MBRFilter tool is nothing more than a signed system driver that puts the MBR in "read-only" mode and prevents any malware from modifying the MBR port data.
https://www.youtube.com/watch?v=nLyOi75Wu3A
