Rombertik is a new password stealing malware product that works by copying everything you type into a web browser window, and basically works as a keylogger. The goal is to steal your user credentials for online sites such as email, social network accounts, shopping accounts, and bank or other financial accounts. This is a pretty scary bit of malicious software. But there is more.
Rombertik has a revenge feature built into it. If detected and removal is attempted, it will overwrite the master boot record, or MBR, which makes the computer unbootable, and makes recovering your data from the affected disk very difficult, and possibly very expensive if your disk needs to be recovered by a data recovery firm. If Rombertik is unable to overwrite the MBR, it will instead encrypt all the files in the users home folder using an RC$ encryption key. This will also render the data unrecoverable.
Pretty sure I’ve run across this one with a client recently, and he ended up paying $1200 to have the data professionally recovered. A less expensive solution would have been subscribing to Carbonite ($60 per year) or some similar online backup service. Doing the quick math, $1200 is 50 years worth of online backup. You can order Carbonite from this link