
Redboot “Ransomware” Is Capable of Permanently Altering Hard Drive Partitions

RedBoot is a new bootlocker ransomware which seemingly modifies computers’ partition tables. Users are unable to decrypt their files or restore their partition settings whatsoever. It is not the first time we have seen a crossover between ransomware and data wiping capabilities in the malware world. There have been a few types of malware which disguise themselves as ransomware but effectively delete encrypted data. 

RedBoot Is a Very Serious Threat

Malware developers must continually come up with new ways to trick computer users into making ransom payments. While ransomware itself still proves pretty successful in this regard, adding some more pressure can help move things along at an accelerated pace. It appears that is the primary objective of RedBoot right now, as it is quite a powerful tool which can wreak a lot of havoc. This is not your average ransomware strain by any means, as its real purpose is even more nefarious.

More specifically, it turns out RedBoot is capable of encrypting files on a computer. That in itself is not entirely surprising these days, as many types of malicious software use this method. However, there is a lot more to RedBoot, as it also replaces the Master Boot Record on a target computer. We have seen this behavior before, but not in a permanent capacity. Plus, in this case the tool modifies the partition table to cause irreparable damage.

What is pretty disconcerting about RedBoot is how there is no way to restore a computer’s Master Boot Record once the damage has been done. Nor can victims restore the partition table, which means they can’t effectively recover or restore their files whatsoever. This seems to indicate this new malware type is intent on wiping data completely rather than simply collecting a Bitcoin payment. Security experts fear this was done on purpose, rather than being an oversight on the part of the RedBoot developer.
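Because the damage described above lives in the first sector of the disk, a defender can snapshot a known-good MBR and later verify the boot signature, partition table and a baseline hash. The following is an added example written for this page, not code from the article or from the malware; the MBR bytes, partition layout and "tampered" sector are all constructed here.

```python
import hashlib
import struct

BOOT_SIGNATURE = b"\x55\xaa"
TABLE_OFFSET = 446  # the four 16-byte partition entries occupy bytes 446..509


def parse_partition_table(mbr: bytes) -> list[dict]:
    """Decode the four MBR partition entries (type 0 means the slot is unused)."""
    if len(mbr) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        entries.append({"active": status == 0x80, "type": ptype, "lba_start": lba, "sectors": count})
    return entries


def check_mbr(mbr: bytes, baseline_sha256: str) -> list[str]:
    """Return findings about a captured MBR; an empty list means it matches the baseline."""
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    used = [e for e in parse_partition_table(mbr) if e["type"] != 0]
    if not used:
        findings.append("partition table is empty")
    used.sort(key=lambda e: e["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition entries overlap")
            break
    if hashlib.sha256(mbr).hexdigest() != baseline_sha256:
        findings.append("boot code or partition table differs from baseline")
    return findings


def build_mbr(boot_code: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(446, b"\x00")[:446] + table + BOOT_SIGNATURE


# Constructed sample: a healthy MBR with a 100 MiB active system partition and a data partition.
HEALTHY_MBR = build_mbr(b"\xfa\x33\xc0" + b"\x90" * 40, [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 4000000)])
BASELINE = hashlib.sha256(HEALTHY_MBR).hexdigest()  # snapshot taken while the machine is known-good
# Constructed stand-in for the tampering the article describes: foreign boot code, partition table wiped.
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"RED" * 20, [])

if __name__ == "__main__":
    print("healthy:", check_mbr(HEALTHY_MBR, BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE))
```

On a real machine the 512 bytes would come from reading the first sector of the boot disk while it is known-good, and the stored baseline hash (together with a copy of the sector itself) is what makes restoration possible later.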

As one would come to expect, the name RedBoot is aptly chosen. Once a victim is infected with this malware and their computer is rebooted by the program, he or she will see a red screen containing a ransom note during the boot procedure. This ransom note is generated by the modified Master Boot Record, which is pretty interesting. There are no specific instructions as to how to obtain a recovery ID other than by sending an email and copying the ID key. There is no central command & control server being used right now, nor is there any request for a Bitcoin payment either.

Most people who have been paying close attention will know that paying a ransom has no purpose whatsoever. This malware is clearly designed to wipe data and make file recovery impossible. There is no indication as to how one could enter a decryption key either, as it has no text boxes which could be used to do so. It is possible the developer will send a different executable file for this particular purpose, although that seems highly unlikely. Paying the ransom will not result in getting files back; that much is certain.

The bigger question is whether or not tools such as RedBoot will become more common in the world of cybercrime. If that were the case, things would go from bad to worse pretty quickly. Data wipers are a legitimate threat to computer users all over the world, and developers often deploy such measures as a cyber weapon first and foremost. Even though this tool was created with the AutoIt language, it certainly is a big problem when you have to deal with it. It is possible this is still a buggy form of ransomware, but for now it’s difficult to say for sure.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
