Unlike previous Shamoon attacks, he said that latest attacks involved a second piece of wiping malware that deletes and overwrite files on the infected computer after which Shamoon will erase the master
boot record of the computer, thus making it unusable.
Shamoon disables computers by overwriting a file known as the master
boot record, making it impossible for devices to start up.
The attack would overwrite a victim's Master
Boot Record, leaving them with no means of recovering their files.
NotPetya's encryption process presents a fake chkdsk splash page, which encrypts the hard disk master
boot record if a privileged user executes it.
In May 2016 Kaspersky Lab discovered Petya ransomware that not only encrypts data stored on a computer, but also overwrites the hard disk drive's master
boot record, leaving infected computers unable to boot into the operating system.
The end result of ransomware is to lock up the files on infected machines and demand a ransom to retrieve the data, though the true goals of the NotPetya creators may have been disruption rather than monetary gain, NotPetya's encryption process presents a fake chkdsk splash page, which encrypts the hard disk master
boot record if a privileged user executes it.
This virus restarts the victim's device, encrypts the Master File Table, and exchanges the Master
Boot Record with a series of malicious software instructions that shuts down the device.
TEHRAN (FNA)- Cisco Systems' Talos team has developed an open-source tool that can protect the master
boot record of Windows computers from modification by ransomware and other malicious attacks.
overwrite the hard disk drive's master
boot record (MBR), leaving infected