The attacker, who seems more interested in trolling certain figures in the infosec industry rather than asking for ransom, displays a note stating that victims were infected by Vitali Kremez and/or MalwareHunterTeam, depending on which variant they downloaded.
Kremez and MalwareHunterTeam are well-known figures in the cybersecurity scene “and have nothing to do with this malware,” Abrams writes. Both have taken to Twitter to confirm that they have nothing to do with this attack.
The malware is based on the infamous MBRLocker, a piece of wiper-ransomware that modifies the master boot record of the victim’s computer so that it shows a ransom note before Windows starts and prevents the computer from accessing the data on its hard drive – hence, prevents it from booting.
It is unclear why this malware author is trying to tarnish the names of the security researchers. From the ransom notes shared by Abrams, it seems the attacker is simply a troll.
Never download software from unofficial sources. Use a trusted security solution at all times to avoid downloading and installing malware on your computer.