What is Rombertik:
Rombertik is a new strain of malware recently discovered by InfoSec researchers at Cisco, and it spreads through phishing emails.
Rombertik monitors everything that happens inside an infected machine's browser and exfiltrates it to a server controlled by the attacker.
However, if Rombertik detects that it is being analyzed by Anti-Malware Software, it acts similar to a suicide bomber. It takes deadly evasive action and actively attempts to destroy the computer: it wipes the MBR or the home directories. Wiping the MBR traps the computer in an endless boot loop, rendering it unusable.
In the case that Rombertik cannot get access to the MBR, it starts encrypting all files in the user's 'home' folder (e.g. C:\Documents and Settings\Administrator\). You then end up with random, shredded bits instead of files.
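A defender-side integrity check for the MBR wipe described above, added here as an example (it is not code from the original article or from Cisco's research): it parses the 512-byte MBR, validates the boot signature and partition table, and compares the boot code against a baseline hash recorded from a known-good disk. The device path and the sample sector are assumptions.

```python
import hashlib
import struct
MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # 446 bytes of boot code, then 4 x 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"     # last two bytes of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR into signature status, non-empty partition entries and a boot-code hash."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "partitions": partitions,
            "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest()}

def baseline_hash(sector: bytes) -> str:
    """Hash of the boot-code region, recorded once from a known-good disk and stored off-host."""
    return parse_mbr(sector)["boot_code_sha256"]

def check_mbr(sector: bytes, expected_boot_hash: str) -> list:
    """Return findings describing why the MBR looks damaged; an empty list means it looks intact."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector overwritten or wiped")
    if not info["partitions"]:
        findings.append("partition table empty")
    elif not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active (bootable) partition")
    if info["boot_code_sha256"] != expected_boot_hash:
        findings.append("boot code differs from recorded baseline")
    return findings

def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (assumed path; needs administrator/root; /dev/sda on Linux)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)

def build_sample_mbr() -> bytes:
    """Constructed sample, not from a real disk: filler boot code plus one bootable NTFS partition."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (PART_TABLE_OFFSET - 3)
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)   # status, type, LBA start, sectors
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE
```

On a live host, `check_mbr(read_mbr(), stored_hash)` run from a scheduled task compares the current sector against the off-host baseline; a zeroed or shredded sector fails the signature, partition-table and hash checks at once.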
What You Can Do About It
1. Have multiple layers (and different Anti-Virus engines) of malware scanning in place: the firewall, your mail server/email gateway, and the desktop. That means a different vendor, using a different Anti-Virus engine, for each of your firewall, your mail server/email gateway, and your endpoint Anti-Virus.
2. Have Security Awareness Training in place. Follow up with random simulated phishing attacks, which keep users on their toes and aware of security.