This new malware locks you out of Windows 10 - but there’s a simple fix
‘Your computer has been trashed’, scam says
Security researchers have discovered a new malware scam capable of locking Windows users out of their PCs - the first of its kind to play on fears surrounding the ongoing pandemic.
Referred to as MBRLockers, this group of malware substitutes the Windows Master Boot Record (MBR), preventing the operating system from starting up as usual.
Victims are typically presented with a ransom note demanding an unlock key is purchased via the dark web, or simply a derisive message from the hacker.
According to MalwareHunterTeam, the group responsible for the discovery, the new malware is being distributed as an executable file named COVID-19.exe.
Windows malware
The new coronavirus-themed malware reportedly executes a batch file that shifts various data, configures certain programs to open on boot and then forces Windows to restart.
Once the PC has restarted for the first time, the user is met with an image of the coronavirus and a jeering message: “coronavirus has infected your PC!”. On every subsequent restart, a plain-text message reads “Your Computer Has Been Trashed (sic)”.
An investigation by cybersecurity firms Avast and SonicWall found the malware also executes a program that backs up the original MBR to a separate location and replaces it with a custom version, responsible for the threatening messages at restart.
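Because the change described above is confined to the MBR, a defender who holds a known-good copy of sector 0 can confirm a replacement by comparing the two. The following is an added example, not code from this article or from the Avast or SonicWall analyses; it assumes the classic 512-byte MBR layout and that both sector images were captured with your own imaging tooling, and the sample sectors and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the bootstrap code
PART_TABLE_START = 446   # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"   # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 image into boot-code hash, partitions, signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        raw = sector[PART_TABLE_START + 16 * i: PART_TABLE_START + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # type 0 means the slot is unused
            partitions.append({"type": raw[4], "bootable": raw[0] == 0x80,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }

def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings describing how sector 0 differs from a known-good copy."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings

def _make_sector(boot_code: bytes) -> bytes:
    """Constructed sample: filler boot code plus one NTFS (0x07) partition."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    return boot_code.ljust(PART_TABLE_START, b"\x00") + entry.ljust(64, b"\x00") + BOOT_SIG

BASELINE = _make_sector(b"BASELINE-BOOT-CODE")   # constructed, not real boot code
TAMPERED = _make_sector(b"REPLACED-BOOT-CODE")   # constructed, not real boot code

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, BASELINE))
    print(compare_to_baseline(BASELINE, TAMPERED))
```

A result of only "boot code changed" with an intact partition table matches a replaced boot program rather than a wiped disk, which is the case where restoring the original MBR is enough.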
The Avast investigation also uncovered a bypass included in the custom MBR that allows affected users to revert to the original and boot Windows as normal. This can be performed by pressing the CTRL, ALT and ESC keys simultaneously.
Opportunist cybercriminals of all varieties are capitalising on panic surrounding the coronavirus. Recent weeks have seen ransomware and DDoS attacks on healthcare institutions, including the World Health Organisation, and a multitude of virus-themed phishing scams enter circulation.
Users are advised to exercise particular caution when downloading files, ensure devices are protected with effective security software and use VPN services to preserve online privacy.
Via Bleeping Computer
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.