
RedBoot Ransomware Joins Rankings of Pesky Wiper-Malware Threats

Posted: October 3, 2017

This year, quite a few cyber criminals have tried their luck with numerous different ransomware attacks. Some are so well crafted that they could be considered works of art in the world of cyber crime. An example would be the infamous WannaCry Ransomware, which earlier this year ended up infecting hundreds of thousands of users worldwide and earning its creators a great deal of cash. Other such threats, however, aren't as well coded. Cyber crooks who don't have the skills required to create a complex and innovative piece of malware usually "borrow" code from one another, modify it and just fit it together. Thus, they create the malware equivalent of Frankenstein's monster. It's likely that such threats aren't too difficult to break and have many faults.

The malware threat we're going to be talking about today is of the second, more "rookie" type. The malware researchers who came across it gave it the name RedBoot Ransomware, despite the fact that they are still unsure whether this is a ransomware threat or a disk wiper. We'll expand on this once we get the basic functions of RedBoot Ransomware out of the way.

What Happens If RedBoot Ransomware Infects You?

An interesting feature of RedBoot Ransomware is that it's capable of tampering with the MBR (Master Boot Record) of your machine. Malware authors could use that to leave the impression that their creation is much more complex than it is in reality, thus scaring the victim and possibly bullying them into paying. Once RedBoot Ransomware modifies your MBR, it presents you with its ransom message every time you try to reboot your PC. The ransom note includes an email address which is supposed to get you in touch with the authors of RedBoot Ransomware – redboot@memeware.net. Having done this, RedBoot Ransomware will aim at encrypting the file types it's been coded to target.
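A defender's check for the MBR tampering described above, as an added example that is not from the original article or from any analysis of RedBoot: it compares a saved known-good copy of sector 0 with the current one and reports which region differs. The function names and the sample sectors are constructed for illustration, and reading the live sector (for example from a disk image) is left to the reader.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)     # bootstrap code area
PART_TABLE = slice(446, 510)  # four 16-byte partition entries
SIGNATURE = slice(510, 512)   # must be 55 AA on a bootable disk


def parse_partitions(sector):
    """Decode the non-empty partition entries of a 512-byte MBR sector."""
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:  # type 0x00 marks an unused slot
            entries.append({"index": i, "bootable": raw[0] == 0x80, "type": raw[4],
                            "lba_start": lba_start, "sectors": count})
    return entries


def compare_mbr(baseline, current):
    """Report which MBR regions differ from a known-good copy."""
    for name, sec in (("baseline", baseline), ("current", current)):
        if len(sec) != SECTOR_SIZE:
            raise ValueError(f"{name} must be {SECTOR_SIZE} bytes")
    findings = []
    if current[SIGNATURE] != b"\x55\xaa":
        findings.append("boot signature missing")
    if current[BOOT_CODE] != baseline[BOOT_CODE]:
        findings.append("boot code changed")
    if current[PART_TABLE] != baseline[PART_TABLE]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code, partitions):
    """Build a synthetic sector for the demo; no disk is read."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:len(boot_code)] = boot_code
    for i, (ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i,
                         0x80 if i == 0 else 0, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample data: same partition layout, different boot code.
GOOD = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 29, [(0x07, 2048, 204800)])
CHANGED = build_sample_mbr(b"\xeb\xfe" + b"\x00" * 30, [(0x07, 2048, 204800)])
```

A baseline copy has to be captured while the machine is known to be clean and kept off the disk it describes.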

The list goes on as usual - .txt, .jpeg, .mp4, .rar, .xls, and so on. Ransomware authors never fail to target all the popular file types that every regular user would have stored on their machine, and the creators of RedBoot Ransomware don't stray from this well-trodden path. After successfully encrypting the data, RedBoot Ransomware would change the files' extensions to ".locked". This makes it pretty clear to the victim exactly which files have been encrypted and how much damage has been done. Now it gets more interesting – despite everything so far pointing at RedBoot clearly being a ransomware threat, the authors haven't included a field where one is supposed to enter the decryption key upon paying the ransom. This is precisely why malware experts have been left scratching their heads, wondering whether RedBoot Ransomware is yet to be completed, or whether it's not a ransomware threat at all, but a disk wiper.

Even though this piece of malware isn't very "professionally" made, the harm it could cause is not to be underestimated. The cyber crooks behind it either forgot to add an option to decrypt your files, or intentionally left this out. In both cases the likely outcome is the same – your data would be gone for good. Getting rid of this pest won't be an easy task, and it would require a reputable anti-malware program and maybe even computer specialists' help.
