Rombertik Kills Your Hard Drive
CyberCriminals are sending out a new phishing email, hoping to entice users to download and open the attachments.
The attachments, instead of containing the information promised, infect the user’s machine with the extremely deadly malware Rombertik.
Here is an example of the phishing email being received:
What is Rombertik:
Rombertik is a new strain of malware recently discovered by InfoSec researchers at Cisco’s TALOS group, which spreads through phishing emails.
Rombertik monitors everything that happens inside an infected machine’s browser and exfiltrates it to a server controlled by the attacker.
It steals your information, and sends it to the CyberCriminals.
All that’s missing is the bow on top.
However, if Rombertik detects it is being analyzed by Anti-Malware Software, it acts like a suicide bomber. It takes deadly evasive action and actively attempts to destroy the computer. It wipes the Master Boot Record (MBR) or home directories. This traps the computer in an endless boot loop, rendering it unusable.
If Rombertik cannot get access to the MBR, it starts encrypting all files in the user’s ‘home’ folder (e.g. C:\Documents and Settings\Administrator\). You then end up with random, shredded bits instead of files.
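To show the MBR wipe described above from the defender's side, here is an added example (not part of the original post or of Cisco's analysis) that checks a 512-byte first-sector image against a baseline recorded while the host was clean. The function names, the baseline approach and the sample sectors are assumptions made for illustration; the samples are constructed, not taken from an infected machine.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for a first-sector image; an empty list means it matches."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if not parse_partitions(sector):
        findings.append("partition table is empty")
    if hashlib.sha256(sector).hexdigest() != baseline_sha256:
        findings.append("sector differs from recorded baseline")
    return findings


def make_sample_mbr() -> bytes:
    """Constructed sample: placeholder boot code and one bootable NTFS partition."""
    boot_area = b"\x00" * PART_TABLE_OFFSET          # placeholder, not real boot code
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)     # constructed values
    return boot_area + entry + b"\x00" * 48 + BOOT_SIGNATURE


GOOD_MBR = make_sample_mbr()                         # constructed known-good sector
BASELINE = hashlib.sha256(GOOD_MBR).hexdigest()      # recorded while the host was clean
WIPED_MBR = b"\x00" * SECTOR_SIZE                    # constructed overwritten sector

if __name__ == "__main__":
    for name, image in (("good", GOOD_MBR), ("wiped", WIPED_MBR)):
        print(name, check_mbr(image, BASELINE) or "OK")
```

A mismatch alone is not proof of malware: bootloader updates and OS reinstalls also change the sector, so the baseline has to be refreshed after planned changes.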
What You Can Do About It
1. Have multiple layers of malware scanning in place, with different Anti-Virus engines: at the firewall, at your mail server/email gateway, and on the desktop. That means a different vendor, using a different Anti-Virus engine, for your firewall, your mail server/email gateway, and your endpoint Anti-Virus.
2. Have Security Awareness Training in place. Follow up with random simulated phishing attacks, which will keep users on their toes and aware of security.
You can’t stop CyberCriminals from targeting you, but you can be prepared for their arrival and have full shields up.