Reply to post: Re: UEFI

Ransomware now using disk-level encryption



Yes this is ransomware that overwrites the MBR and then the rogue CHKDSK app overwrites the MFT.

UEFI has nothing to do with it; you're thinking of GPT (probably because they somewhat go hand in hand because Windows requires a UEFI enabled motherboard to boot a GPT formatted disk).

GPT is more secure, yes, but it's not bulletproof. Basically all GPT does (from this standpoint) is store several copies of itself across the disk, so if 1 of the GPT's gets corrupted, it has backups to recover from. Obviously though the issue there is if the ransomware gets smart enough and corrupts ALL the GPT records (which will surely be the next phase that ransomware progresses).

Windows 8 and 10 having 'secure boot' capability helps as well but it doesn't really matter if the GPT (or MBR) is hosed because the OS is not going to boot either way.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019