
Redboot “Ransomware” Is Capable of Permanently Altering Hard Drive Partitions

RedBoot is a new bootlocker ransomware which seemingly modifies computers’ partition tables. Users are unable to decrypt their files or restore their partition settings whatsoever. It is not the first time we have seen a crossover between ransomware and data wiping capabilities in the malware world. There have been a few types of malware which disguise themselves as ransomware but effectively delete encrypted data. 

RedBoot Is a Very Serious Threat

Malware developers must continually come up with new ways to trick computer users into making ransom payments. While ransomware itself still proves pretty successful in this regard, adding some more pressure can help move things along at an accelerated pace. It appears that is the primary objective of RedBoot right now, as it is quite a powerful tool which can wreak a lot of havoc. This is not your average ransomware strain by any means, as its real purpose is even more nefarious.

More specifically, it turns out RedBoot is capable of encrypting files on a computer. That in itself is not entirely surprising these days, as many types of malicious software use this method. However, there is a lot more to RedBoot, as it also replaces the Master Boot Record on a target computer. We have seen this behavior before, but not in a permanent capacity. Plus, in this case the tool modifies the partition table to cause irreparable damage.

What is pretty disconcerting about RedBoot is how there is no way to restore a computer’s Master Boot Record once the damage has been done. Nor can victims restore the partition table, which means they can’t effectively recover or restore their files whatsoever. This seems to indicate this new malware type is intent on wiping data completely rather than simply collecting a Bitcoin payment. Security experts fear this was done on purpose, rather than being an oversight on the part of the RedBoot developer.
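Because the damage described above lands in sector 0 (the 446 bytes of boot code, the four 16-byte partition entries, and the 0x55AA signature), the practical defence is to keep a known-good copy of that sector and compare against it. The following is an added example, not code from the article or from any RedBoot analysis: it parses a 512-byte MBR and reports where a current copy deviates from a saved baseline. The sample sectors are constructed inline; the boot-code bytes and partition geometry are made up for illustration.

```python
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446            # boot code occupies bytes 0..445
BOOT_SIGNATURE = b"\x55\xaa"       # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3xB3xII"            # status, CHS start(3), type, CHS end(3), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR into a boot-code hash, partition entries and signature flag."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                                   # empty slot
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
            "partitions": entries,
            "valid_signature": sector[510:512] == BOOT_SIGNATURE}

def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings where the current sector 0 differs from a known-good baseline (empty = unchanged)."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        findings.append("boot code replaced")
    if not cur["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table changed: %d -> %d entries"
                        % (len(base["partitions"]), len(cur["partitions"])))
    return findings

def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Constructed fixture: assemble an MBR from boot code and (type, lba_start, sectors) tuples."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i, 0x80 if i == 0 else 0, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)

# Constructed samples: a healthy baseline with one NTFS-type (0x07) partition, and a sector 0
# whose boot code and partition geometry have both been rewritten.
BASELINE = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x07, 2048, 204800)])
TAMPERED = build_sample_mbr(b"\xeb\xfe", [(0x07, 4096, 10)])

if __name__ == "__main__":
    print("baseline vs itself:", diff_mbr(BASELINE, BASELINE))
    print("baseline vs tampered:", diff_mbr(BASELINE, TAMPERED))
```

On a real system the baseline is read once from the raw disk device while it is known to be clean (e.g. `dd if=/dev/sda bs=512 count=1` on Linux) and stored off-host; comparing against it on each boot or backup run turns a silent overwrite into an alert.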

As one would come to expect, the name RedBoot is aptly chosen. Once a victim is infected with this malware and their computer is rebooted by the program, he or she will see a red screen containing a ransom note during the boot procedure. This ransom note is generated by the modified Master Boot Record, which is pretty interesting. There are no specific instructions as to how to obtain a recovery ID other than by sending an email and copying the ID key. There is no central command & control server being used right now, nor is there any request for a Bitcoin payment either.

Most people who have been paying close attention will know that paying a ransom has no purpose whatsoever. This malware is clearly designed to wipe data and make file recovery impossible. There is no indication as to how one could enter a decryption key either, as it has no text boxes which could be used to do so. It is possible the developer will send a different executable file for this particular purpose, although that seems highly unlikely. Paying the ransom will not result in getting files back; that much is certain.

The bigger question is whether or not tools such as RedBoot will become more common in the world of cybercrime. If that were the case, things would go from bad to worse pretty quickly. Data wipers are a legitimate threat to computer users all over the world, and developers often deploy such measures as a cyber weapon first and foremost. Even though this tool was created with the AutoIT language, it certainly is a big problem when you have to deal with it. It is possible this is still a buggy form of ransomware, but for now it’s difficult to say for sure.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
