Rombertik is a new password-stealing malware product that works essentially as a keylogger: it copies everything you type into a web browser window. The goal is to steal your user credentials for online sites such as email, social network accounts, shopping accounts, and bank or other financial accounts. This is a pretty scary bit of malicious software. But there is more.
Rombertik has a revenge feature built into it. If it is detected and removal is attempted, it will overwrite the master boot record, or MBR, which makes the computer unbootable and makes recovering your data from the affected disk very difficult, and possibly very expensive if your disk needs to be recovered by a data recovery firm. If Rombertik is unable to overwrite the MBR, it will instead encrypt all the files in the user’s home folder using an RC4 encryption key. This will also render the data unrecoverable.
Pretty sure I’ve run across this one with a client recently, and he ended up paying $1200 to have the data professionally recovered. A less expensive solution would have been subscribing to Carbonite ($60 per year) or some similar online backup service. Doing the quick math, $1200 is 50 years’ worth of online backup. You can order Carbonite from this link.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com