Had one virus trash my computer a few years ago and it couldn't be repaired.  Had to buy another.  So I'

ve been there and try and watch where I go and what emails I open but that's getting harder to do.

Sadly, such malware can be surreptitiously inserted in elements of very legitimate websites or in the advertising feeds that accompany them and you have no defense unless you have anti-ransomware & anti-exploit software deployed.  I'm using Cybereason RansomFree, MalwareBytes Premium which incorporates both functions and Bitdefender which also has anti-ransomware & anti-exploit modules.

Not sure that's enough.

With all the variants, the lag in signature updating is impossible to narrow... damned criminals.

Once again....

The absolute very best way to protect your system, yes that means OS (and yes protecting it from yourself) is now and always has been to never ever run any process with privileges it doesn't NEED.

Specifically any application and/or process that may ever come into contact with the internet (ie. browser, email, hell...pretty much any app these days). So....in that vein, USE your system from a heavily restricted account, and only ever break out the admin account when 'modification' of system properties is ABSOLITELY necessary.

Listen to the_Monk.  Apply his principles.  Live long and prosper. 

Boot sector viruses.... everything old is new again

what the_Monk said and make an external back-up of OS and files.

ransomware... this world is crazy

I actually thought this world would become less and less crazy, but in the last decade craziness skyrocketed...

If it were only that simple...how about apps which elevate privileges on installation...paradoxically, antivirals and anti-malware apps. They themselves become the holes in your system.

Absolutely.  Which is why one should seriously consider the 'need' for any/all apps, as well as additional security software.

Of course that doesn't change the fact that most payloads of malware that can start the delivery/installation process by simply 'touching' infected code via a web resource will in fact not be able to perform their nefarious tasks if you just simply don't 'browse the resource' with elevated privileges in hand.  That alone is a huge step towards keeping your system safe.

What a sad, sad world we live in!  The amount of people trying to do unto others what they wouldn't want done to them is horrendous... and given this latest turn of events, things just seem to be getting worse.  If only these things could be traced back to the source so that appropriate action could be taken.

As for this newer ransomware infecting the MBR, I recall reading something a few years ago about undoing MBR attacks in the BIOS.  Whether that's possible with this new wave of ransomware or not, I don't know, but it's worth looking into.

Also, with the increase in malware and cyber attacks in recent times, the_Monk's advice is spot on.  Surfing the net and checking emails from a non-priveleged account is the best protection one can employ.  If you haven't done it as yet, go to Settings> User Accounts and create a new non-priveleged account.

If only, Mark. The MBR is encrypted, just like data files...which in most cases can't be de-encrypted.

You can also run your browser (and other apps as well) in a sandbox.

You can actually boot off the windows install disc and replace (not decrypt) the MBR without reinstalling windows. The command for it is different than it used to be the last time I had to do that but it should still be there even in 10.

Of course, that doesn't help unless the OS files themselves are still usable. Not sure if this encrypts those as well or not.

fixboot /mbr  [I think it was]

Thanks for the reminder.  It was a while ago so I wasn't 100% sure what the process was, having never had to do it, but that's pretty much what I read back then.  As for still being there in Win 10, I imagine it would be.  It's one thing for MS to remove things like WMP, but this is an important system tool and is likely still there.

I sort of recall [from the same article I think] that a similar thing could be done from the motherboard disc, though again I'm not 100% because my memory isn't what it used to be.

No, not fix /mbr... because it is encrypted.  The command needs to be rebuild /mbr or something like that... new /mbr perhaps.

Okay, just looked it up for Win 10..... c:\boot>bootrec /rebuildbcd

According to this article, that's how it's done in Win 10.  The article also covers the methods for XP; Vista; Win 7; Win 8/8.1

Hope this helps everyone... should it ever be needed.