The Mbrlock Ransomware is a peculiar threat, which does not aim to encrypt the user’s files and, instead, it attempts to override the hard drive’s Master Boot Record (MBR) to prevent the user’s operating system from booting. Besides making it difficult for users to start Windows, the MBRlock Ransomware also will use the overwritten MBR to display a message, which tells the victims that their hard drives have been locked and they need to pay a ransom fee to get everything back to normal. The price is set to just 30 yen (about $4), and the author asks to be contacted via the QQ messaging client, which is popular in China. The fact that the authors ask for yens, uses QQ, and have written the entire message in Chinese is likely to mean that they are from that part of the world, as well as the primary targets of the MBRlock Ransomware will be Chinese users.
The good news is that the MBR-locking mechanism utilized by the MBRlock Ransomware’s author is not that advanced. They have opted to use a hardcoded password, which will be provided to victims as soon as they send the ransom payment. However, cybersecurity experts were quick to review the MBRlock Ransomware’s source code and reveal that the hardcoded password is simply ‘ssssss.’ Entering this password in the MBRlock Ransomware’s prompt should reverse the damage done to the MBR and restore the users’ access to their computers immediately.
However, paying the ransom sum that the MBRlock Ransomware demands is not recommended even if the password mentioned above does not work. A certified computer technician should be able to fix the changes made to the MBR quickly. In addition to this, you should make sure to run a credible anti-malware software suite as soon as you manage to boot up Windows. This should guarantee the removal of the files linked to the MBRlock Ransomware, therefore preventing the threat from causing trouble again.