What is MBR & MFT
MBR or Master Boot Record is the small allocated space on disk which stores the information about disk partitions and file system configuration. In simpler words, MBR is responsible for booting up your operating system and storing and retrieving data essential for that. MBR also maintains a table called “Master Partition Table” that identifies partitions made on a hard disk. MBR is generally stored in the first sector or in other words at the front of every other data in the hard disk. There is another database called MFT or Master File Table. MFT is a database that stores information about each and every file or directory on your system. Protecting both MBR and MFT is very much necessary. Malicious software, usually Rootkits can try to override the bootloader and tamper with the computer. Petya, the most prevalent ransomware these days tries to encrypt the MFT and then force victims into Bitcoin payments for regaining access. With the advancement of these rootkits and Ransomware, we need to protect the boot loader.
MBR Filter
MBR Filter is a small driver written to tackle the attacks on the boot record. It is developed by ‘Cisco Talos’ and released for free under an open-source license. You can download the source code, make changes, and compile it yourself or you can download the precompiled version. MBR Filter can prevent any malware, ransomware, or rootkit from tampering with boot records and making changes.
Protect Master Boot Record
What MBR Filter does is triggers security settings and require the system to boot in Safe Mode to make any changes to the first sector or the boot record. Using this driver, you can cut down the access to MBR and MFT for most of the malicious software. All their attempts will go useless once you have MBR Filter installed on your computer. How to install MBR Filter Installing MBR Filter is pretty simple. Go to the MBR Filter website and download the variant corresponding to your system’s architecture. Extract the contents of the zip file, and there will be two files available. Right-click ‘MBRFilter.inf’ and select install. The installation will finish quickly and you will need to restart your computer for the changes to take place.
MBR Filter is intentionally difficult to remove so that malware cannot remove it and gain access to MBR. If you want to test if MBR Filter is working or not, you can download AccessMBR. It will read sector ‘0’ on Physical drive 0 and write that sector back checking if MBR Filter is working properly or not. Closing Words Make sure you install MBR Filter if you want complete protection against ransomware like Petya. If you ever want to make changes to MBR yourself, you can boot your computer to safe mode and do it. Click here to download MBR Filter. Use this tool with caution – preferably in a testing environment first, as it comes with serious consequences. Reads that may interest you:
How to backup & restore Master Boot RecordHDHacker helps you Backup & Restore Boot Sector & MBRHow to repair Master Boot Record.