According to the Talos security labs team at Cisco (Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors), a new malware threat called Rombertik is spreading via spam and phishing emails, and installs itself in your browser to steal your banking logins and other sensitive data.
Upon execution, Rombertik stalls and runs through a first set of anti-analysis checks to see if it is running within a sandbox. Once these checks are completed, Rombertik proceeds to decrypt and install itself on the victim's computer to maintain persistence. Then, the malware checks to see if its code has been analyzed in memory. If it has, it destroys the Master Boot Record (MBR) of your computer and reboots it. The reboot process will get stuck at a screen reading "Carbon crack attempt, failed". You will need to reinstall your Operating System (OS) in order to get your PC to work again.
If Rombertik cannot wipe your computer's MBR, it will destroy all files in the user's home folder (e.g. C:\Documents and Settings\Administrator\) by encrypting them.
The advice to avoid such attacks is not to open attachments or links in unexpected or dodgy (cunning; dangerous) emails, and to keep your OS and anti-virus software up to date. You should also back up your files regularly so that you have a copy to restore from if something like Rombertik encrypts them.
Back up your computer's Master Boot Record (MBR)
To back up your computer's MBR, please refer to "Fixmbr, Backup your MBR using MBRwizard or MBRFix".
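Once you have an MBR backup, it is worth checking that it is usable and that the sector on disk still matches it. The following is an added example, not code from the referenced article or from any backup tool. It assumes the backup is a raw 512-byte copy of the first disk sector; the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Validate a raw 512-byte MBR image; return its partitions and SHA-256."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba,
                               "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "partitions": partitions,
            "sha256": hashlib.sha256(sector).hexdigest()}

def assess(backup: bytes, current: bytes) -> list:
    """List problems found when comparing the on-disk MBR with the backup."""
    saved, live = parse_mbr(backup), parse_mbr(current)
    findings = []
    if not saved["signature_ok"] or not saved["partitions"]:
        findings.append("backup is not a usable MBR")
    if not live["signature_ok"]:
        findings.append("current MBR lacks the 0x55AA boot signature")
    if live["partitions"] != saved["partitions"]:
        findings.append("partition table differs from backup")
    elif live["sha256"] != saved["sha256"]:
        findings.append("boot code differs from backup")
    return findings

def build_sample_mbr() -> bytes:
    """Constructed sample: one bootable type-0x07 partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes(PART_TABLE_OFFSET) + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    good = build_sample_mbr()
    print(assess(good, good))               # intact disk
    print(assess(good, bytes(SECTOR_SIZE)))  # sector overwritten with zeros
```

Keep the backup file and its SHA-256 on separate media, so that both survive if the disk itself is damaged.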
Software to back up your computer
1) AOMEI Backupper Standard v2.8 or higher version (Free)
- Backup system and create a system image to keep Windows and applications safe.
- Back up the entire hard disk or specified partitions, or just clone them.
- Save time and effort with automatic backup and incremental backup only for modified or added files.
- Back up your most important files and folders on a regular basis.
2) EaseUS Todo Backup Free v8.3 or higher version
- Full/Incremental/Differential/Schedule backup
- System/Partition/File backup and recovery
- Disk clone, migrate OS to SSD/HDD
- Support MBR & GPT disk, hardware RAID, UEFI boot, WinPE bootable disk
- Windows 10 ready
3) Acronis True Image (ATI) 2015 for PC (Not free. $69.99 for 1 computer license)
Acronis True Image for PC is one of the best backup & recovery software packages. However, there are a few negative comments on the latest version, ATI 2015. It did not recognize backups made with ATI 2014 or earlier versions. ATI 2014 or earlier versions cannot restore an ATI 2015 backup. Only ATI 2015 can restore an ATI 2015 backup.
Only chat support is provided. No phone or email contact is provided. Users who had used chat support gave feedback that it was like talking to someone reading from a script who is not knowledgeable about computers or their own Acronis products.
The below features are discontinued in ATI 2015:
- E-Mail backup
- Acronis Extended Capacity Manager (Allows Windows XP users to work with disks of over 3TB in size)
- Boot-sequence manager (Allows you to boot your system from a bootable backup)
- "Try & Decide" (Allows you to temporarily change your system)
- Local and mixed synchronization (Allows you to sync 2 folders on local drives)
User comments on ATI 2015 are available on the Acronis forum: "65498: Summary of Features Removed in ATI2015".
References
[1] Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
[2] AOMEI Backupper Standard v2.8 or higher version (Free)
[3] EaseUS Todo Backup Free v8.3 or higher version
[4] Acronis True Image (ATI) 2015 for pc
[5] Features that are discontinued in ATI 2015
[6] Acronis forum: 65498: Summary of Features Removed in ATI2015
[7] WebUser issue 371 (May 2015), page 9, New PC malware destroys your data