COVID-19 Malware Steals Data and Wipes Hard Drive
New Covid-19 themed attacks are targeting boot sectors of hard drives and erasing data as companies struggle with the economic and public health fallout of the COVID-19 crisis. These attacks are threatening operations as employees shift to telecommuting. The attacks come disguised as emails that trick unsuspecting readers into launching malware that can cripple websites or infiltrate computer systems.
One of the more recent attacks goes even further, erasing data completely. These attack are malicious in more ways than the typical hacker activity, which frequently tries to steal data or hijack systems for financial gain. Instead, these attacks are designed to cause damage.
Researchers have identified several malware that cause damage by either wiping files completely or altering a computer's master boot record (MBR). The MBR is an important component of a hard drive. It's the first sector and shows the computer where the operating system is located so it can be loaded correctly. First, the malware disables the Windows Task Manager and displays a window that cannot be closed. While users try to address that issue, the malware is working to rewrite the MBR. The malware then reboots the machine; the newly rewritten MBR kicks in, sending users to a pre-boot screen instead.
To regain access to the computer, users will need to use apps designed to recover and rebuild the computer's MBR to a usable version. he more insidious malware does far worse than rewrite an MBR. The first data wiper malware was discovered in February 2020 and is believed to have targeted Chinese users. A second, similar strain is suspected to have originated in Italy. The malware is inefficient, taking more time to delete files and being riddled with errors.