Rombertik

Rombertik is malware that security experts from Cisco Systems' Talos Group first reported on May 4, 2015.

Rombertik spreads through attachments to spam and phishing emails. The program infects computers that use Microsoft Windows as their operating system. The complex software spies on user behavior on the infected computers and sends the information to a control server.

Rombertik's behavior towards antivirus programs is striking. If the malware detects that it is being analyzed by a protection program, it destroys the master boot record and restarts the computer. If this fails, the malware encrypts the user's data, rendering it unusable. Rombertik also uses various methods to remain undetected.
