Use This Free Tool to Protect Your Computer from MBR Malware and Ransomware


Cisco’s Talos team released today a new free tool called MBRFilter that protects a computer’s MBR sector against unauthorized access, which can be useful for safeguarding PCs against MBR-targeting malware, such as the Petya, Satana, or HDDCryptor ransomware.

At its core, the tool is nothing more than a driver that puts the MBR into read-only mode and prevents any application from modifying or writing data to that particular section of your hard drive.

MBR stands for Master Boot Record, a special section found on all hard disk drives.

The MBR is located right at the beginning of the HDD’s storage space and keeps information on partitions in a component called the MFT, or the Master File Table.

The MBR also stores the computer’s bootloader, an OS component responsible for booting the current OS.

Ransomware such as Petya, or other MBR malware (bootkits), force computers to restart, and during the subsequent reboot process, they write new data to the MBR, adding their own malicious routines.

Cisco says MBRFilter blocks these operations, preventing Petya or other malware from tinkering with a computer’s boot record.
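MBRFilter blocks the write itself; a complementary check is to detect a changed boot sector after the fact. The following is an added example, not part of the original article or of Cisco's MBRFilter code: it compares a saved copy of a disk's first 512-byte sector against a known-good baseline and reports which region differs. The offsets follow the standard MBR layout, the function names are hypothetical, and the sample sectors are constructed for the demonstration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446        # bytes 0..445: bootstrap code
TABLE_END = 510            # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511: boot signature
# status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
ENTRY = struct.Struct("<B3xB3xII")

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into boot code hash, partitions, signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, BOOT_CODE_END + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
    }

def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Return the names of the MBR regions that differ from the baseline."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    changed = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        changed.append("boot_code")
    if baseline[BOOT_CODE_END:TABLE_END] != current[BOOT_CODE_END:TABLE_END]:
        changed.append("partition_table")
    if not new["signature_ok"]:
        changed.append("signature")
    return changed

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector with one bootable type-0x07 partition."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    good = build_sample(b"\xeb\x3c\x90")      # constructed placeholder bytes
    changed = build_sample(b"\x00\x01\x02")   # same table, different boot code
    print(parse_mbr(good)["partitions"])
    print(diff_mbr(good, changed))
```

A non-empty result for a machine whose boot configuration was not intentionally changed is a reason to investigate before the next reboot.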

Cisco has open-sourced the MBRFilter source code on GitHub. Pre-compiled MBRFilter driver installers for Windows 32-bit and 64-bit platforms are also available for download. Below is a demo video of MBRFilter in action.

Previously, the Cisco Talos team had released LockyDump, a tool that helps security researchers extract configuration details for the Locky ransomware, which can be useful for tracking ransomware campaigns over time.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
