Rombertik goes beyond the typical indignation provoked by malware. It has been described as the suicide bomber of computer viruses and once a machine is infected, it’s basically game over.
Discovered and publicised by Cisco’s security researchers, experts have issued a major alert over the malware, which can cripple a computer if detected by any Anti-Virus software.
How does Rombertik work?
Rombertik can infect Firefox, Chrome and Internet Explorer – once in place it collects sensitive data (like passwords and bank details) before it’s encrypted – then it shares it with a third-party.
Rombertik doesn’t target sensitive websites in particular but instead tries to steal credentials for as many websites as possible.
Why does the Rombertik Virus go nuclear?
The main danger with Rombertik over similar malware is its kamikaze attitude. Before it starts any malicious behaviour, it’ll take one last check to make sure it’s not being scanned.
If something is scanning it, it will attempt to destroy the Master Boot Record (MBR) – and restart the computer – rendering it unusable as it will continuously try to boot.
If the deadly virus can’t destroy the MBR, it will instead encrypt all files on the host’s machine – similar to CryptoWall and other Ransomware.
Cisco have warned this would make the machine unusable. “Rombertik will trash the user’s computer if it detects it’s being analysed,” a researcher said.
How do you prevent Rombertik infections?
First thing’s first, it’s so important to keep your machine healthy. Rombertik usually finds its way onto a machine through phishing messages that have been opened.
You can see our guide to avoiding illegitimate messages here.
The following precautions are encouraged by Sophos:
- Only logon with Administrator privileges when you need to – Rombertik can’t write to the MBR without these.
- Take regular backups, and keep at least one backup off-site – if infected by Rombertik or any other ransomware, your files could be encrypted.
We offer download and email checks to our customers, as well as Email and Virus scanning. If you don’t want your business to suffer through the Rombertik virus, speak to us today or call us on 0208 232 1190.