The name MBRlock was not assigned to this ransomware by accident: it corrupts the MBR (short for Master Boot Record) on infected computers. Besides demanding a ransom, this ransomware can make various changes to affected systems and even install other viruses. All of these symptoms make it extremely dangerous, and we feel the need to inform our readers about it. We will also address the actions that should be taken if a computer is already infected by the MBRlock virus.
Imagine that one day such a virus attacks your system out of nowhere and you are left with all of your personal files locked. That would be devastating, right? Well, this virus doesn’t come out of the blue – you download the malicious files yourself. The real problem is that it can be tricky for a regular computer user to tell whether the files they are about to download are legitimate or not.
Even though we can’t be sure that MBRlock ransomware is distributed in one particular way, it most probably uses the most common methods – infecting computers via malicious links and files attached to spam emails.
Cyber criminals are skilled manipulators and are often able to craft appealing emails to trick people. Usually they engage the reader with relevant-looking information which is, of course, fake, and then encourage them to open the attached file for further details. As it turns out later, the attachment contains malicious files that install ransomware on the computer. So tip number one – never open emails or attached files from the spam folder.
While it is relatively easy not to open emails from the Spam category, it is much more difficult to avoid malicious links that can download the MBRlock virus to your computer. They are difficult to recognise as malicious, so a possible solution to this problem is to protect your computer with a real-time anti-virus shield. There are plenty of programs that can do that; please take a look at our review section.
Lastly, this infection can reach your computer if a browser hijacker is operating on it. Even though those browser-based infections are not really dangerous themselves, they can serve as silent distributors of much more severe computer viruses like MBRlock.
Malicious processes of MBRlock virus
MBRlock ransomware was built very cleverly. The first thing it does once inside the computer is scan for various anti-virus applications and try to shut them down. It can deal with some anti-virus programs and shut them down or even remove them. There is also security software that MBRlock is not able to deal with; in that case it simply removes itself from the computer to avoid possible detection. This leads to the conclusion that if you have decent anti-malware protection on your system, MBRlock is not really dangerous and your files won’t be locked even if you download the malicious files.
However, if it successfully disables anti-virus protection, MBRlock will scan for files that can be encrypted. It is capable of locking all of the most common file types, including photos, images, videos, databases and even back-ups. So if you have a backup of your system that is supposed to restore your files after a critical error or damage by a computer virus, please store it on an external drive or in the cloud.
This ransomware adds the .mrblock extension to the encrypted files, so if you had a file named “image.jpg”, it will now be named “image.jpg.mrblock” and you won’t be able to open it anymore.
Usually ransomware infections just place a new .txt file or change the desktop screensaver to a ransom note to deliver the instructions on how the ransom should be paid. This is a common practice employed by ransomware infections such as MADA ransomware or PornBlackMailer virus. Unfortunately, in this case MBRlock overwrites the Master Boot Record (MBR) – this is where the name of the infection came from. As a result, users won’t even be able to boot their systems, and this message will appear every time:
Your disk have a lock!!!Please enter the unlock password
yao mi ma gei 30 yuan jia qq
Moreover, this is definitely not the only malicious feature of this ransomware. It will also constantly scan your computer for private information, and the cyber criminals behind this virus might even try to blackmail you. Adding to the severity of this virus, it can also modify boot options on your Windows operating system so that the virus launches every time you try to boot your computer.
This virus might also connect your computer to a massive botnet and use it as a slave for high-level botnet attacks against various companies and networks.
In some cases MBRlock might let you boot the system (depending on the version of the virus you got infected with). However, you are likely to find your machine running much slower, with random freezes and an overall drop in performance. It can also install other malware on your computer.
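An added example, not part of the original article or any vendor tool: a Python triage of a 512-byte MBR sector that checks for the lock-screen text quoted above, the 0x55AA boot signature and the partition table. The function names, the ASCII encoding of the message on disk and the sample sectors are assumptions constructed for illustration.

```python
import struct

# Lock-screen text quoted in the article; ASCII on-disk encoding is an assumption.
NOTE_MARKERS = (b"Your disk have a lock", b"Please enter the unlock password")

def parse_partitions(sector):
    """Decode the four 16-byte partition entries that start at offset 446."""
    parts = []
    for slot in range(4):
        entry = sector[446 + 16 * slot:446 + 16 * (slot + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0x00 marks an unused slot
            parts.append({"slot": slot, "bootable": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start, "sectors": count})
    return parts

def triage_mbr(sector):
    """Return findings for one 512-byte MBR sector read from an offline disk."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    for marker in NOTE_MARKERS:
        offset = sector.find(marker)
        if offset != -1:
            findings.append(f"lock-screen text {marker.decode()!r} at offset {offset}")
    partitions = parse_partitions(sector)
    if not partitions:
        findings.append("partition table is empty")
    return {"suspicious": bool(findings), "findings": findings, "partitions": partitions}

def build_sample(boot_code):
    """Constructed sector: given boot code, one bootable type-0x07 partition, valid signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    return boot_code.ljust(446, b"\0") + entry + b"\0" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    samples = {
        "clean (constructed)": build_sample(b"\xfa\x33\xc0"),
        "locked (constructed)": build_sample(
            b"\xeb\x3c" + b"Your disk have a lock!!!Please enter the unlock password"),
    }
    for name, sector in samples.items():
        print(name, triage_mbr(sector)["findings"])
```

Run it against the first 512 bytes of the disk as read from rescue media or a forensic image, not from the infected system itself.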
Removing MBRlock from infected computer
It is hands down one of the most severe computer viruses we have seen lately. Even so, it is possible to get rid of this virus – you can even do that manually. However, this requires deep knowledge in this field, because you will have to modify various registry keys, detect and delete malicious files and even make changes to boot options.
If that sounds too complicated to you, you can automate this process – there are a bunch of tools dedicated to this purpose. Firstly, scan your computer with an anti-malware application that is capable of removing such a complex virus – use either Spyhunter. Either one of those tools should be able to instantly detect and remove malicious files and also restore normal operation of your computer.
Next, use a free tool for fixing bugs or cleaning up malicious “leftovers” of MBRlock – a free tool like CCleaner should be sufficient for that.
Now, if you want to get your encrypted files back (of course you do!), you basically have two options – try some of the free decryption tools available online or restore your data from a back-up. We don’t want to disappoint you, but files encrypted with strong AES encryption, as in this case, are really difficult to decrypt, and chances are that no decryption tool will be able to do that. Also, if you want to restore your files, you have to have a valid back-up copy that is not encrypted or damaged in any other way. If you do, follow this restore guide to get your files back.