It is high time ransomware attacks were stopped in their tracks at an early stage. Developing free tools against malware is not an easy task, as criminals often stay several steps ahead of security researchers. A new tool has now been released to the public that blocks the one thing Petya ransomware and MBR rootkits (bootkits) have in common: overwriting the Master Boot Record. Unfortunately, it does nothing against the other popular malware types, which never touch the MBR.
Bringing An End To Petya Attacks, For Now
Cisco Talos is one of the leaders when it comes to releasing free tools against ransomware. Its new open source tool, which goes by the name of MBRFilter, is a Windows disk filter driver that stops Petya-style attacks before they take hold; the source is published on GitHub under Cisco-Talos/MBRFilter. One caveat up front: it is a preventive control, not a decryptor. It must be installed before an infection, and it will not recover a machine that Petya has already locked, although it costs nothing.
The name Petya has been instilling fear in computer users for quite some time now. The malware first showed up in March 2016 and has been treated as a critical risk ever since. Petya is not your average ransomware: its bootkit behaviour, replacing the MBR with its own bootloader so that its code runs before Windows does, has security researchers worried as well. Thankfully, the new free tool addresses exactly that part of the equation.
Like several other recent malware families, Petya overwrites the Master Boot Record with its own bootloader and then forces the machine to reboot. On the next boot the malicious loader, not Windows, takes control and encrypts the Master File Table, so the file system and every file on it become unreachable even though the individual files are never touched. A backup stored on the same machine is of no use at that point; only a backup kept offline or on separate physical media can be restored, which effectively locks users out of their own system.
What MBRFilter does is ensure such an attack cannot take place to begin with. The driver makes sector 0 of every disk attached to the system read-only, so the malware has no way to modify the Master Boot Record. Since Petya cannot overwrite the contents of that sector, its bootloader never gets installed and the attack is rendered useless. The same property makes the tool useful beyond ransomware: it stops MBR rootkits from modifying the boot sector as well. The flip side is that legitimate software needing to write the MBR, such as disk imaging tools or boot managers, is blocked too; Talos notes the driver has to be disabled, by booting into Safe Mode, before such work can be done. And because it guards sector 0 only, it does nothing for the rest of the disk.
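The two halves of the preceding paragraphs, what an MBR overwrite looks like and what a read-only-sector-0 policy blocks, are easier to see with a small worked example. The Python below is an added illustration, not code from the original article or from the MBRFilter project: it parses a constructed 512-byte MBR (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), records a hash of the bootstrap code as a baseline so a later overwrite can be detected, and models MBRFilter's policy as a user-space function that refuses any write touching sector 0 of an in-memory disk image. The real driver applies that rule in kernel mode; the sample MBR, the partition geometry and the function names here are assumptions made for the example.

```python
"""Added example: parse an MBR, detect bootstrap-code tampering, and model a
read-only-sector-0 write policy. Not code from the MBRFilter project."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                 # bytes 0..445: bootstrap code a bootkit replaces
PARTITION_ENTRY_LEN = 16            # four 16-byte entries at bytes 446..509
PARTITION_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
MBR_SIGNATURE = b"\x55\xAA"         # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a plausible MBR: the given bootstrap code, one bootable NTFS
    partition starting at LBA 2048, and the 0x55AA signature.
    Constructed sample for this example, not a capture from a real disk."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 204800)
    table = entry + b"\x00" * (PARTITION_ENTRY_LEN * 3)
    return boot + table + MBR_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into its MBR fields and hash the bootstrap code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PARTITION_ENTRY_LEN
        status, _, ptype, _, lba_start, count = struct.unpack(
            PARTITION_ENTRY_FMT, sector[off:off + PARTITION_ENTRY_LEN])
        if ptype != 0:  # partition type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def mbr_tampered(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code no longer matches the recorded baseline,
    which is what a Petya-style MBR overwrite looks like from user space."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def sector0_write_allowed(offset: int, length: int) -> bool:
    """Model of a read-only-sector-0 policy: a write is refused if any byte of
    it falls inside [0, SECTOR_SIZE). MBRFilter enforces this rule in a
    kernel-mode disk filter driver; this function only models the decision."""
    if offset < 0 or length <= 0:
        raise ValueError("invalid write request")
    return offset >= SECTOR_SIZE


def filtered_write(disk: bytearray, offset: int, data: bytes) -> bool:
    """Apply the policy to a write against an in-memory disk image.
    Returns True if the write went through, False if it was blocked."""
    if not sector0_write_allowed(offset, len(data)):
        return False
    disk[offset:offset + len(data)] = data
    return True


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xEB\x3C\x90" + b"CLEAN-BOOTSTRAP")    # constructed
    baseline = parse_mbr(clean)["boot_code_sha256"]
    disk = bytearray(clean + b"\x00" * (SECTOR_SIZE * 3))              # constructed 4-sector image
    evil = build_sample_mbr(b"\xEB\x3C\x90" + b"MALICIOUS-LOADER")     # constructed

    print("sector-0 overwrite allowed:", filtered_write(disk, 0, evil))
    print("MBR tampered after blocked write:",
          mbr_tampered(bytes(disk[:SECTOR_SIZE]), baseline))
    print("write to sector 2 allowed:", filtered_write(disk, 2 * SECTOR_SIZE, b"payload"))
    print("unfiltered overwrite detected:", mbr_tampered(evil, baseline))
```

The baseline hash is the check a practitioner would pair with the filter: snapshot sector 0 on a known-good machine, then re-read and compare it periodically or at incident time, since a mismatch in the bootstrap code is a strong signal that a bootkit or MBR-wiping ransomware got there first.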
Unfortunately, the tool only helps against malware that needs to write the MBR, Petya being the prominent case; it does nothing about the other ransomware types. Unlike Petya, the majority of newer ransomware families do not touch the MBR at all but encrypt files individually from within the running system. Some even use a separate key for every file, handing the keys back only against payment, so a free decryptor is only possible when the criminals make a mistake in their cryptography or key handling.
Header image courtesy of Shutterstock