A malware distributor tried to play a terrible prank by locking the victim’s computers before they can start Windows and then blaming the infection on two well-known and respected security researchers.
After downloading and installing software which seems to be from free software and crack sites, people found that they are locked out of their computer before starting the Windows.
After locking out, a message gets displayed on the PC stating that they were infected by Vitali Kremez and MalwareHunterTeam, who are both famous malware and security researchers. In fact, they have nothing to do with this malware.
Another variant named “SentinelOne Labs Ransomware” is also being distributed that targets only Vitali Kremez and displayed his email addresses and phone numbers.
These types of infections are called MBRLockers as they replace the ‘master boot record’ of a computer thereby preventing the operating system from starting and displays a ransom note or another message instead.
This type of infection is used in ransomware attacks such as Petya or as a destructive wiper to prevent people from accessing their files.
Here, it appears like the malware distributor wants to defame the name of Kremez and MalwareHunterTeam and released this infection as a destructive prank.
It is confirmed that MalwareHunterTeam and Kremez have nothing to do with this infection.
Recently, there has been a flurry of new MBRLockers being released that appear to be created for ‘fun’ or as part of ‘pranks’.
Recently, there has been a gush of MBRLockers created using a publicly available tool which is promoted on YouTube and Discord. However, in this case, it looks like the tool was used to create this MBRLocker to troll both Kremez and MalwareHunterTeam.
When creating MBRLockers using this tool, the malware first makes a backup of the original MBR of the computer to a safe location before replacing it.
If this wiper is using the same MBRLocker builder, then it will be possible to recover the MBR so people can gain access to their computer.
One sample even contained a fail-safe keyboard combination of pressing the CTRL+ALT+ESC keys at the same time to restore the MBR and boot the computer.