A SentinelOne researcher is the victim of a troll action in a new ransomware campaign. The malware mentions the researcher as the author and also reveals his personal data.
The cybersecurity company said it had spotted a new MBRLocker variant. but with the name of SentinelOne researcher Vitali Kremez. The ransomware message is filled with swearing and personal attacks. Kremez is called a ‘stupid idiot’ and demands that victims of the malware attack send a message to Kremez’s Twitter account to regain access to their PC. “To protect your f*cking computer in future install SentinelOne antivirus. I work here as head of labs,” says the note.
MalwareHunterTeam researchers are, for some reason, identified in the campaign as Kremez’s husband. “Although we wouldn’t normally comment on such stunts, a lot of attention has already been paid to the problem,” says the company. “Logically, neither SentinelOne nor any of the researchers mentioned are in any way associated with this destructive joke.”
MBRLocker, also known as Dexlocker, is a form of ransomware combined with wiper elements that attempts to modify the Master Boot Record (MBR) of an infected computer. It then asks for ransom money in exchange for restored access to the computer. MBR malware tries to prevent users from booting the computer, even in Safe Mode, but with an additional device it is relatively easy to unlock the computer. In this case, the detected malware seems to be more destructive.
According to the researcher, the ransomware erased the entire 512-byte MBR table, including the partition table, so it is likely that a full system recovery is one of the few options for victims to regain control of their computer. “Wiper malware like the one we’ve seen this week is just a destructive joke that only gets the perpetrators two things: excitement and publicity,” says SentinelOne. “For victims without the protection of a modern security solution, it’s nothing but misery.”