TMCnet Feature
April 06, 2020

Startling New COVID-19 Malware Could Wreak Havoc on Your Computer's Hard Drive

Insidious new attacks are targeted boot sectors of hard drives and erasing data. Learn how to protect remote computer users with cybersecurity solutions 

As companies grapple with the economic and public health fallout of the COVID-19 crisis, cyberthreats are emerging at an alarming rate.

These attacks are threatening operations a jittery employees shift to at-home operations. The attacks frequently come disguised as emails that dupe unsuspecting readers into launching malware that can cripple websites or infiltrate computer systems.

One of the more recent attacks goes even deeper, erasing data completely.

These attack threats are malicious in a different way than the typical hacker activity, which frequently tries to steal data or hijack systems for financial gain. Instead, these attacks are designed to inflict damage.

What Is the Latest COVID-19 Malware Threat?

Researchers have identified multiple strains of malware that cause damage by either wiping files completely or altering a computer's master boot record (MBR). The MBR is an important component of a hard drive. It's the first sector and shows the computer where the operating system is located so it can be loaded correctly.

Greg LaScala, who provides corporate IT support for large and emerging enterprises across the US takes a look at how the MBR-rewrite attacks work.

First, the malware disables the Windows Task Manager and displays a window that cannot be closed. While users try to address that issue, the malware is working to rewrite the MBR. The malware then reboots the machine; the newly rewritten MBR kicks in, sending users to a pre-boot screen instead.

To regain access to their computer, users will need to use apps designed to recover and rebuild the computer's MBR to a usable version.

What Coronavirus Malware Erases Files?

The more insidious malware does far worse than rewrite an MBR.

The first so-called data wiper was first discovered in February 2020 and is believed to have targeted Chinese users. A second, similar strain is suspected to have originated in Italy.

Both are considered "poor wipers," according to a ZDNet article. The malware is inefficient, taking more time to delete files and being riddled with errors.

Why Are There So Many COVID-19 Cyberattacks?

Security companies and government agencies the world over are reporting an uptick in cyberattacks, preying on the vulnerabilities people are feeling about the pandemic. The World Economic Forum has issued the following guidelines to businesses to protect themselves from these threats:

  • Understand Threats. Businesses should use cybersecurity assessments to identify potential threat vectors, especially those that have arisen as more staff are working from home. Priority should be given to sensitive data and business-critical applications
  • Guide and Communicate. Detail policies for working from home and communicate with employees about the rising threats of cyberattacks and what they can do to protect the business
  • Use Security Measures. Companies can use many technology solutions to protect themselves, their users and the devices (both company-issued and employer-provided). These solutions can help extend the network security used on-premises to remote users. They include:
    • Connecting users securely using cloud-based apps, such as videoconferencing, meeting management and shared work tools. Note: Hackers are also targeting applications like Zoom, which is used for remote meetings, for attacks
    • Endpoint protection on laptops and smartphones
    • VPN for encrypted connections to company networks
    • Muli-factor authentication
    • Automated threat intelligence monitoring, detection and reporting
    • Automated domain filtering to prevent connections to malicious URLs
    • Anti-phishing, anti-spam and anti-malware programs

Unfortunately, the threats to corporate data and productivity are all too real. Locking down your cybersecurity solutions has never been more essential.

» More TMCnet Feature Articles


» More TMCnet Feature Articles