Ransomware has been around since 2005, 11 years. The new part in 2005 was the charging for access, the ransom part; encrypting the filesystem or Master Boot Record or File Allocation Tables has been around since 1994. Viruses like Monkey and Slovak bomber would encrypt the Master Boot Record and/or files and your data would be inaccessible if they were removed improperly, but they didn’t charge for removal and access. This isn’t really a new trick. It is just a new variant.
Any smart ransomware would hit those first…THEN start on the files afterwards. I’m surprised that this combo isn’t the de facto method of attack.
Many of them already do. DiskDrill does for sure. It saves its own MFT for recovery.
While there isn’t a lot of info out yet, it appears that this is a Windows-specific vector and only affects NTFS on Windows machines. EXT4 and HFS and all the other filesystems are out of the scope of this specific malware.