German Ransomware Threatens Victims, Disables PCs
If you become a victim of the BKDR_MATSNU.MCB ransomware, getting it off your system may not be as simple as running a virus scan. This malware, which has been targeting German users, can wipe a PC's Master Boot Record (MBR), which prevents the computer from even starting up properly.
The ransomware begins, predictably enough, as an attachment in a spam email. The message informs users that they owe a debt that could land them in trouble unless they open the attachment for details.
The attached file contains a "backdoor," a type of executable file that can report a user's data back to a command-and-control server. Once a backdoor infects a computer, cybercriminals can further compromise a PC by infecting it with other malware or using the computer to send spam.
Backdoors are noisome, but will generally fall to a well-placed scan for viruses or malware. However, BKDR_MATSNU.MCB sidesteps that remedy in an unusual way: it prevents users from even turning their computers on if they refuse to pay up.
Ransomware, as the name suggests, can lock up a user's computer and demand money in exchange for functionality. Particularly sophisticated ransomware schemes can even pretend to be law enforcement agencies, informing users that they must pay a fine or face legal action.
If users don't pay, features on their PCs (usually their Internet browsers) remain locked. Of course, if users do pay, the lock may disappear, but the malware lingers in their systems and opens them up to further exploitation.
BKDR_MATSNU.MCB, on the other hand, gets vindictive if users refuse to pay the phony fee, wiping a user's MBR. If this happens, the computer no longer has any instructions on how to boot up into Windows. Lacking that information, a PC becomes about as useful as a paperweight.
There are three pieces of good news, however. First of all, contracting BKDR_MATSNU.MCB is not a death sentence: Cybercriminals can decide whether to wipe the MBR or just to lock up the system. The latter is usually the more profitable option.
If you do acquire the backdoor, and it hasn't completely locked your computer yet, it's also quite easy to get rid of the program with a simple antivirus or malware sweep. If possible, rebooting your PC into Safe Mode will give you the best chance of success.
Finally, if the worst has come to pass, and you're reading this on a friend's computer because yours won't boot up, you still have options. By inserting your Windows disc into your CD/DVD/Blu-ray drive and booting from there, you will find the option to "Repair" a Windows installation. After that, reboot into Safe Mode and run an antivirus program.
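Before running a repair, it can help to confirm from a rescue environment that the first disk sector really is wiped rather than the boot failure having another cause. The following Python check is an added example, not part of the original article: it assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55 0xAA signature), treats an all-zero sector as "wiped" (the article does not say how the malware overwrites the MBR), and uses constructed sample sectors.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bootstrap code area at the start of the sector
PART_ENTRY_LEN = 16        # four partition entries follow the boot code
SIGNATURE = b"\x55\xaa"    # boot signature at offsets 510-511


def inspect_mbr(sector: bytes) -> dict:
    """Classify a first sector as 'looks_valid', 'damaged' or 'wiped'.

    'looks_valid' only means the structure is plausible; it does not
    prove the boot code is the original, unmodified code.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for slot in range(4):
        off = BOOT_CODE_LEN + slot * PART_ENTRY_LEN
        entry = sector[off:off + PART_ENTRY_LEN]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0x00 marks an unused slot
            partitions.append({"slot": slot, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    signature_ok = sector[510:512] == SIGNATURE
    boot_code_present = any(sector[:BOOT_CODE_LEN])
    if signature_ok and boot_code_present and partitions:
        verdict = "looks_valid"
    elif not (signature_ok or boot_code_present or partitions):
        verdict = "wiped"      # assumption: a wipe leaves the sector zeroed
    else:
        verdict = "damaged"    # partial overwrite: something survives
    return {"verdict": verdict, "signature_ok": signature_ok,
            "boot_code_present": boot_code_present, "partitions": partitions}


def constructed_sector() -> bytes:
    """Constructed sample: stub boot code and one bootable NTFS (0x07) entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xeb\x3c\x90"  # placeholder bytes, not real boot code
    struct.pack_into("<B3sB3sII", sector, BOOT_CODE_LEN,
                     0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    print(inspect_mbr(constructed_sector())["verdict"])  # healthy sample
    print(inspect_mbr(bytes(SECTOR_SIZE))["verdict"])    # zeroed sample
```

In practice the input is the first 512 bytes of the affected disk, read into a file from a rescue boot. A "damaged" verdict with surviving partition entries means the partition layout is still readable even though the sector needs repair.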
Right now, the program has appeared primarily in Germany, but similar pieces of ransomware made life very difficult for South Korean and Russian users in years past. If the malware makes its way to the English-speaking world, remember: Don't download strange attachments, and if your computer starts demanding money, something is probably wrong.