The thread is about ransomware that overwrites your MBR but doesn't encrypt the files.
This nasty ransomware overwrites your PC's master boot record | PCWorld
Just a follow-up on this topic. Like the title says, the technique is not easy but better than the last resort of paying the ransom -
Experts crack Petya ransomware, enable hard drive decryption for free
The technique is not exactly straightforward, but it works.
Experts crack Petya ransomware, enable hard drive decryption for free | PCWorld
I just got to thinking about this. If booted from a repair CD or Windows installation CD, why wouldn't Bootrec.exe /fixboot, Bootrec.exe /fixmbr and, if needed, bootrec /rebuildbcd work on this ransomware?
Again, I would recommend ALWAYS USE A CLEAN BACKUP to remove any infection, no matter how trivial.
Even if you use "Cleansing" software you are still working with an infected computer -- so I wouldn't guarantee the integrity of the cleansing process no matter how good the authors of the software say it is.
I mean, would you fly a dodgy plane and then repair it while it's IN THE AIR!!!!
You'd of course want to repair it on the ground and replace defective parts -- same with a PC: boot from a stand-alone bootable recovery system and restore a clean image.
Easily done -- don't get panicked by these ransomware tales -- even if you are unfortunate enough to get one of these, it's easy to deal with.
Plenty of decent FREE software for taking images / backups, so no excuse -- always keep a few and ensure the BACKUP is of course clean (similarly, you wouldn't replace a defective part on a plane with another defective part - I hope!!).
Agree with you guys regarding backups (albeit repairing a plane in mid-flight would be awesome tho'), but do standard backup tools protect against MBR corruption/rootkits?
Suppose repairing the BCD with the install media would work - my understanding is that that is what Secure Boot was intended for...
Who's ever heard of a 100% SECURE jail either -- if it's on a computer connected to the Internet, it can be hacked if it's a writeable device.
If the device containing the backup isn't physically on the machine, you are safe - so long as the backup is clean, it will always restore decently to a HDD. If you are 100% paranoid, you can use one of the several secure erase programs to really clean your HDD before restoring!!!!
Image backups are fine -- again, some of these have a "Paranoia Mode" that backs up and restores sector by sector -- that's not normally required but can sometimes be useful if the geometry of the HDD you are restoring to is different from the original -- i.e. it can be bigger (or smaller too, so long as there's enough space for the restored data).
I haven't heard of malware actually corrupting BIOSes yet -- Secure Boot, though, only protects the initial boot startup; the actual OS can of course get infected. Secure Boot really is only of use to prevent booting from "unauthorized devices" and for most home users is more trouble than it's worth - especially if you want to do a lot of testing. Most people usually disable it -- keeping UEFI set, of course; the two aren't the same.