Ransomware threat has risen exponentially so much that ransomware authors have started abusing the MBR in their attacks to lock down your entire computer instead of just encrypting your important files on hard drive.
Talos team at Cisco Systems has released a free, open-source tool that protects the master boot record (MBR) sector of computers from modification by bootkits, ransomware, and other malicious attacks.
Master Boot Record (MBR) is the first sector (512 bytes) on your Hard drive that stores the bootloader, a piece of code that is responsible for booting the current Operating System.
Technically, Bootloader is first code that gets executed after system BIOS that tells your computer what to do when it start.
An advanced malware program, such as rootkit and bootkit, leverages this process to infect computers by modifying the MBR.
A boot malware or bootkits has the ability to install ransomware or other malicious software into your Windows kernel, which is almost impossible to detect, and thus takes unrestricted and unauthorized access to your entire computer.
So, the best way to protect your computer against such bootkits is to restrict your MBR to rewrite or overwrite by an unauthorized software.
Cisco’s Talos team free tool does the same.
Dubbed MBRFilter, the tool is nothing more than a signed system driver that puts the MBR into a read-only state, preventing any software or malware from modifying data of the MBR section.
You can watch the video demonstration of MBRFilter in action.
MBRFilter will safeguard your computer against MBR-targeting malware, like the Petya ransomware, Satana, or HDDCryptor ransomware.
"MBRFilter is a simple disk filter based on Microsoft’s diskperf and classpnp example drivers," the team said in a blog post. "It can be used to prevent malware from writing to Sector 0 on all disk devices connected to a system. Once installed, the system will need to be booted into Safe Mode in order for Sector 0 of the disk to become accessible for modification."
MBRFilter is available for both Windows 32-bit and 64-bit platforms, and Cisco has open-sourced its source code on GitHub.