A Malware Blocker researcher discovered a new bootlocker ransomware, dubbed RedBoot, that encrypts files on the infected computer, replaces the Master Boot Record (MBR) of the system drive and then modifies the partition table. Once all the files have been encrypted, RedBoot reboots the computer and displays a ransom note. The note instructs victims to send their ID key to the email address firstname.lastname@example.org in order to get payment instructions. However, security experts have found that there is no way to input a decryption key to restore the MBR and partition table. Therefore, even if the victim pays the ransom, the hard drive may not be recoverable because the RedBoot ransomware permanently modifies the partition table.
Since there is no way to input a decryption key to restore the MBR and partition table, security experts are of the opinion that this malware is a wiper disguised as ransomware.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street