
How to keep ransomware from encrypting your hard drive on a Windows 10 PC


MBRFilter protects Windows 10 PCs from MBR-targeted Ransomware

A less frequent, but nonetheless potential threat to systems, regardless of whether they run Windows 10, Linux or macOS, is MBR-based ransomware. MBR stands for Master Boot Record, which is the very first sector of a hard drive.

The MBR contains a partition table, which determines what operating system is allowed to start, and whether the disk should be divided (partitioned) into separate logical drives. For instance, the same physical hard disk can be split into multiple logical volumes like C:\, where the operating system resides, D:\, which can be used for the storage of applications, and E:\ for temporary files and other miscellaneous tasks.

MBR-based ransomware doesn’t encrypt any files on the drive itself, but it does encrypt the MBR, which effectively locks up the hard drive and renders it unable to boot until an encryption key is provided by the perpetrators.
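The sector layout described above can be checked against a known-good copy. The following is an added example, not code from the article or from the MBRFilter project: it parses a 512-byte MBR using the standard layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and reports what differs from a baseline. Both sample sectors and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0-445: bootstrap code
ENTRY_SIZE = 16          # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Break one 512-byte MBR sector into the parts worth baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        offset = BOOT_CODE_LEN + slot * ENTRY_SIZE
        # status, (CHS start skipped), type, (CHS end skipped), first LBA, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append((slot, status == 0x80, ptype, lba, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:] == SIGNATURE,
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return the differences between a known-good MBR and the current one."""
    good, now = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if now["boot_code_sha256"] != good["boot_code_sha256"]:
        findings.append("boot code changed")
    if now["partitions"] != good["partitions"]:
        findings.append("partition table changed")
    return findings


# Constructed sample: placeholder boot code and one bootable partition of type 0x07.
_entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
CLEAN_MBR = b"\xfa\x33\xc0".ljust(BOOT_CODE_LEN, b"\x00") + _entry.ljust(64, b"\x00") + SIGNATURE
# Constructed sample: the same sector with every byte before the signature overwritten.
OVERWRITTEN_MBR = bytes(b ^ 0x5A for b in CLEAN_MBR[:510]) + SIGNATURE

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR)["partitions"])
    print(compare_to_baseline(CLEAN_MBR, OVERWRITTEN_MBR))
```

On a live system the baseline would be a copy of the disk's first sector saved while the machine is known to be clean, stored somewhere other than that disk.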

Software engineers Cisco Talos and Yves Younan have developed “MBRFilter”, a solution that effectively prevents all MBR-level attacks, including from ransomware. MBRFilter is a Windows driver designed to detect all programs trying to access the Master Boot Record, and block their execution.

A YouTube video released by Bleeping Computer’s Lawrence Abrams shows how different types of ransomware react when run after MBRFilter is installed.

As the video demonstrates, neither Satana nor Petya is able to get to the MBR. For demonstration's sake, Abrams also performed a test with a Petya+Mischa combo, which is designed to automatically install Mischa if the user clicks No at the UAC prompt and then falls back to encrypting local files.

For Windows 10 users this is definitely one extra line of defense against ransomware, and one that can be installed easily on most Windows systems, by simply downloading the appropriate version of MBRFilter for your operating system, either 32-bit or 64-bit, from GitHub, at: https://github.com/vrtadmin/MBRFilter/releases.

The downloaded file, as mentioned previously, is essentially a Windows driver that can be installed easily by right-clicking on the file, and selecting “Install”. This will prompt a reboot of the PC, after which the driver will become operational and block any Windows program attempting to encrypt the Master Boot Record.

With this in mind, the experimental nature of this driver should be taken into consideration before rushing to install it on your system, especially when running an Insider Preview Build of Microsoft Windows 10. While there isn’t any malware-related harm that can come to a system from these files, compatibility and other instability issues may arise when using any third party software on an untested system, and it goes without saying that due caution should be exercised.

