Malware Actors Prank Victims by Posing as Renowned Researchers

• Malicious actors are locking down people’s systems and blaming renowned white-hat hackers for it.
• The message sent to the victims is insulting and, obviously, a prank, but the harm can be undone.
• Users are advised to avoid downloading and running cracks for pirated software and games.

According to a report by BleepingComputer, someone has been trying to lock down computers and blamed the ethical hacker and threat researcher Vitali Kremez, as well as the MalwareHunterTeam. The malicious software is distributed through free software and crack sites or torrents, which are known channels of malware dispersion. The malware is capable of locking the users outside their operating system by corrupting the master boot record and preventing the booting of the associated partition. Instead of accessing Windows, the victims are greeted by the following message:

“Hello, my name is Vitali Kremez. I infected your stupid PC. you idiot.
Write me in twitter @VK_intel if you want your computer back
If I do not answer, write my husband twitter.com/malwrhunterteam
To protect your ***ing computer in future install SentinelOne antivirus. I work here as head of labs.
Vitali Kremez Inc. () 2020”

As it becomes evident from the above, the message is moving on the verge of defamation, but it’s a straight-out prank. The researcher, however, could argue that having a Twitter inbox filled with messages of anger isn’t fun at all. A second variant of the malware circulating in the last couple of days is more revealing, giving away the researcher’s phone and email, as shown in the below picture.

Source: Bleeping Computer

MBRLockers are trending right now because a kit that helps people create this kind of malware has been recently released with instructions. Thus, we have been seeing actors engaging in trolling users and playing pranks to researchers. They also lock systems and then ask for the payment of ransoms since the beginning of this month. If you fall victim to an MBRlocker malware infection, remember, your master boot record has been modified, so all that you need to do is to restore it. In some cases, pressing “CTRL+ALT+ESC” simultaneously while viewing the mocking message will do the trick.

Source: supergrubdisk.org

Another method worth trying would be to use the “repair” option on the Windows installation medium, load the command prompt, and enter the following command: “bootrec /FixMbr bootrec /FixBoot bootrec /ScanOs bootrec /RebuildBcd.” Alternatively, you may load a Linux rescue live system to restore your Master Boot Record. All that said, MBRLockers are usually just an annoyance, although non-tech-savvy users may find it hard to deal with and end up paying ransoms, always to no avail, though. Whatever the case, this is a good reminder of the reasons why you should avoid downloading cracked software from obscure sources or torrent sites.