Computer Emergency Response Team of Mauritius (CERT-MU)

The RedBoot Ransomware


A Malware Blocker researcher discovered a new bootlocker ransomware, dubbed RedBoot, that encrypts files on the infected computer, replaces the Master Boot Record (MBR) of the system drive and then modifies the partition table. Once all the files have been encrypted, RedBoot reboots the computer and displays a ransom note. The note instructs victims to send their ID key to the email address redboot@memeware.net in order to get payment instructions. However, security experts have found that there is no way to input a decryption key to restore the MBR and partition table. Therefore, even if the victim pays the ransom, the hard drive may not be recoverable, because RedBoot permanently modifies the partition table.
Since there is no way to input a decryption key to restore the MBR and partition table, security experts are of the opinion that this malware is a wiper disguised as ransomware.
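A defensive check for the two changes described above (replaced MBR boot code, modified partition table), given as an added example that is not part of the original advisory: it compares sector 0 of a disk against a known-good copy saved beforehand and reports which region differs. The function names are hypothetical and both sample sectors are constructed for the demonstration.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446   # bytes 0..445: boot code (includes the disk signature area)
TABLE_END = 510       # bytes 446..509: four 16-byte partition entries

def parse_partitions(sector: bytes):
    """Return non-empty partition entries as (index, type, lba_start, sectors)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        ptype = raw[4]                                    # partition type byte
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if ptype != 0:                                    # type 0 = unused slot
            entries.append((i, ptype, lba_start, count))
    return entries

def compare_mbr(baseline: bytes, current: bytes):
    """List what differs between a known-good MBR copy and the current sector 0."""
    findings = []
    if current[TABLE_END:] != b"\x55\xaa":
        findings.append("boot signature missing")
    if baseline[:BOOT_CODE_END] != current[:BOOT_CODE_END]:
        findings.append("boot code changed")
    if parse_partitions(baseline) != parse_partitions(current):
        findings.append("partition table changed")
    return findings

def _constructed_mbr(boot_fill: int, ptype: int, lba_start: int, count: int) -> bytes:
    """Build a synthetic MBR for the demo (constructed, not a real disk image)."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", ptype, b"\0\0\0",
                        lba_start, count)
    return bytes([boot_fill]) * BOOT_CODE_END + entry + bytes(48) + b"\x55\xaa"

# Constructed samples: a baseline with one partition, and a sector whose
# boot code differs and whose partition table has been emptied.
GOOD = _constructed_mbr(0x90, 0x07, 2048, 1_000_000)
TAMPERED = _constructed_mbr(0xCC, 0x00, 0, 0)

if __name__ == "__main__":
    print(compare_mbr(GOOD, GOOD))
    print(compare_mbr(GOOD, TAMPERED))
```

On a live system, `current` would be the first 512 bytes read from the raw disk device, and the baseline copy should be stored off the machine it describes.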
Source:
Security Affairs
 
Team Cymru
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis