Newly Discovered DiskWriter or UselessDisk Ransomware May be a Wiper

 

Cyber security experts have reported a new MBR bootlocker named UselessDisk or DiskWriter that overwrites the MBR (Master Boot Record) of an infected system. Once it does, the malware displays a ransom screen on every reboot of the compromised Windows computer instead of booting into Windows. The ransom screen informs victims about the file encryption and demands 300 USD in Bitcoin to regain access to the Windows machine.

DiskWriter or UselessDisk

According to malware researchers, the DiskWriter or UselessDisk ransomware infiltrates the targeted Windows system through executable files reported as ‘UselessDisk.exe’ or ‘DiskWriter.exe’. The sample also contains the PDB string ‘E:\Debug\UselessDisk.pdb’, which explains the name UselessDisk. Once the malware reaches the user’s computer and is executed, without asking for their direct permission, it replaces the Master Boot Record with its own malicious bootloader. UselessDisk then reboots the infected machine using the command ‘shutdown -r -t 0’.

When the infected device reboots, the malware displays a ransom screen with a message demanding payment. The operators of UselessDisk or DiskWriter instruct victims to send 300 USD in Bitcoin to the wallet address ‘1GZCw453MzQr8V2VAgJpRmKBYRDUJ8kzco’. At the time of writing, however, no payments had been made to that address. While testing the UselessDisk sample, security experts were not able to remove the bootlocker just by fixing the MBR.

Once they fixed the MBR, the compromised computer started displaying an error about an invalid partition table. Hence it is quite clear that UselessDisk or DiskWriter purposely corrupts or enciphers the MFT or partition. The ransom message gives no email address for contacting the operators, and all victims of this ransomware receive the same Bitcoin wallet address for payment. Malware analysts feel that the threat was programmed to be destructive rather than to act as a file-encoder virus. Most importantly, if you have been infected by this ransomware, avoid paying the ransom and take immediate action to remove UselessDisk or DiskWriter.
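The "invalid partition table" symptom described above can be checked offline on a copy of the disk's first sector. The following is an added example, not code from this article or from the researchers it cites: the function names and both sample sectors are constructed here, and it assumes the classic 512-byte MBR layout (no GPT, no MFT inspection).

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446   # four 16-byte partition entries start here
SIG_OFFSET = 510     # boot signature bytes 0x55 0xAA

def check_mbr(sector: bytes) -> list[str]:
    """Return a list of structural problems found in a 512-byte MBR image."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    problems = []
    if sector[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    active, extents = 0, []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sector-count(4, LE)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            if any(entry):
                problems.append(f"entry {i}: type 0 (unused) but not zeroed")
            continue
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        active += status == 0x80
        if lba == 0 or count == 0:
            problems.append(f"entry {i}: zero start LBA or sector count")
        else:
            extents.append((lba, lba + count, i))
    if active > 1:
        problems.append("more than one active partition")
    if not extents:
        problems.append("no usable partition entries")
    extents.sort()
    for (_, end_a, a), (start_b, _, b) in zip(extents, extents[1:]):
        if start_b < end_a:
            problems.append(f"entries {a} and {b} overlap")
    return problems

def build_sample(entries: list[bytes]) -> bytes:
    """Constructed test sector: zeroed boot code, given entries, valid signature."""
    table = b"".join(entries).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"

# Constructed samples: one healthy NTFS-style entry, and a table filled with junk.
GOOD = build_sample([struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)])
WIPED = build_sample([bytes([0x41]) * 16] * 4)
```

An empty result from `check_mbr` means only the boot code needs repair; any findings mean the partition table itself must be rebuilt or restored from backup before the system can boot.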
