Rombertik: Malware that destroys your computer when detected

12th May 2015

It has been announced in the last few days that a new computer virus, named Rombertik, has been discovered. The malware is designed to capture any plain text entered into a browser. Rombertik, nicknamed by Cisco Systems, is a big worry because of its primary purpose alone, but this new type of malware also carries an additional destructive threat.

Once set up on a Windows computer, Rombertik will check to see if it has been detected. The malware performs several regular internal checks to establish when it is under analysis. If undetected, the malware will continuously steal data entered into any web browser.

Alarmingly, Rombertik will try to destroy your computer if it thinks it has been detected or is under analysis. One of its destructive methods used when detected is to attempt to delete the Master Boot Record (MBR), which is an essential Windows system file. The malware will then restart your computer and, because the MBR is missing, your computer will continuously restart in an infinite loop. To restore a PC at this stage, with its MBR files removed, you are required to complete a full reinstallation of the Windows system, and you will lose all your data stored on the internal hard drive.

The malware also attempts to trick analysis in order to maintain its covert operation. One reported method that Rombertik employs to avoid detection is to commit a byte of data to the computer’s memory 960 million times. Doing this overwhelms any virus detection software as it attempts to detect the malware.

Malware and computer virus prevention

It has been reported that this type of malware is being passed on through spam and phishing messages, some of which are made to look like business enquiries from Microsoft. In the case of Rombertik, the biggest step your business can take in preventing this kind of virus from reaching your system is to have strict email security protocols in place which can block certain types of attachments. You should also make sure staff are aware of the risks involved and highlight the importance of not opening attachments from unknown email accounts. Regularly backing up your computers’ data to an external drive is also advisable, as you will be able to restore your work, up to the last backup date, should the worst happen.
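As an added illustration of the attachment blocking recommended above (this example is not part of the original article), the following Python code parses a raw email and lists the attachments a type-based policy would reject, including files hidden inside a zip archive. The block list, the addresses and the sample message are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for illustration; tune it to your own mail policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def _blocked(name):
    """True if the final extension is on the block list (catches invoice.pdf.scr)."""
    name = name.strip().rstrip(".").lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)

def blocked_attachments(raw_message):
    """Return the names of attachments that the policy would reject."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _blocked(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            data = part.get_payload(decode=True)
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as archive:
                    hits += [f"{name}/{m}" for m in archive.namelist() if _blocked(m)]
            except zipfile.BadZipFile:
                hits.append(name)  # unreadable archive: reject rather than guess
    return hits

def build_sample():
    """Constructed sample: a fake enquiry carrying a zip that hides a .scr file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Enquiry.pdf.SCR", b"constructed placeholder bytes")
        archive.writestr("readme.txt", b"harmless")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Business enquiry"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="enquiry.zip")
    msg.add_attachment(b"notes", maintype="application", subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The check looks only at file names, so it complements rather than replaces content scanning at the mail gateway.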
