Is Redboot malware a ransomware or a wiper?

Malware developers located all over the world are finding it hard to categorize a new malware called RedBoot. Well, as per the technical details available to our Cybersecurity Insiders, RedBoot is malicious software which tricks computer users into making ransom payments by encrypting data. Simultaneously, it also has the ability to wipe out the data by replacing the Master Boot Records on a target computer and modifying the partition table which is irreplaceable.

What’s more annoying in this malware story is that RedBoot doesn’t offer the ability to restore the computer’s Master Boot Record once the damage has been done. Nor can the users who have been victimized restore the partition table which means the recovery of files after paying the ransom is almost impossible.

So, we can easily categorize RedBoot into a malware capable of wiping data completely rather than just collecting bitcoin payments in exchange to decrypting software.

Security experts from Kaspersky discovered that the dual operation mode of the said malware was done with a purpose by the developers.

Technically, as soon as a user is infected with RedBoot malware, the system goes for a reboot and then a red screen appears containing a ransom note generated after the boot procedure. The interesting point in this ransom note generation is that the text is generated by the Master Boot Record.

And now the most annoying part is that the text doesn’t mention about decryption key, ransom payment or a bitcoin address. Means the malware was developed as wiping software and not to lock computers for ransom.

Currently, not much is known about the infection rate of this malware. But security experts suggest that malware such as RedBoot can become more common in the world of cybercrime in coming days. And if this happens, it can spell a doom to the computer’s operating around the world—similar to the doom spelled by Wannacry in May this year.

Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group "Information Security Community"!
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display