Microsoft’s security software causes some Windows PCs to no longer boot


The cause is a false positive. Windows Defender and Microsoft Security Essentials are leaving some Windows computers unable to boot. The software falsely identifies the bootloader of the open-source encryption software DiskCryptor as malware.



DiskCryptor is falsely identified as the BadRabbit ransomware, Myce reports. BadRabbit is currently making the rounds, mainly in Russia and Ukraine, but it has also been detected in Turkey and Germany.

To encrypt data, BadRabbit uses DiskCryptor, which is likely why Microsoft’s security applications mistakenly deleted legitimate installations of DiskCryptor.

Even worse, both applications deleted the legitimate DiskCryptor bootloader, making it impossible to boot to Windows.

“I had this issue at work today. Total nightmare. Had to use a WINPE boot flash drive to reload the Diskcryptor bootloader on users who rebooted already. Then, go in and turn off real time protection in Security Essentials, scan the computer to find the “virus”, set it to allow, then turn real time protection back on and make sure the bootloader was still loaded,” user letgomylego writes on Reddit.

Despite the fact that the ransomware calls itself BadRabbit, Microsoft has named it Win32/Tibbar.A. The company provides additional information about the malware on its website but hasn’t confirmed the issues with DiskCryptor yet.
