Togijak Posted September 26, 2017

A new Ransomware is pushing its way into the Master Boot Record of Windows PCs. In addition, it also encrypts files - but without providing a path to decryption.

The Ransomware RedBoot, which is analyzed by Bleepingcomputer, encrypts the MBR (master boot record) of the infected PC and modifies the partition table. This effectively prevents Windows from starting. Instead, the blackmail message is displayed: The computer and all its files are encrypted, the user should contact the developers by e-mail to receive decryption instructions.

Procedure

After running RedBoot, it overwrites the MBR with the included and compiled assembler code. The two programs main.exe and protect.exe, which are also included, are then started. The first program scans the computer and encrypts executable programs, DLLs as well as documents and images. They are endowed with the .locked suffix. At the same time, protect.exe ensures that main.exe is able to work as much as possible, and blocks programs that could interfere with or prevent infection. This includes, among other things, the task manager. When the encryption is finished, the Ransomware restarts the PC. Instead of Windows, the above-mentioned extortion is displayed.

No way back

The analysts of Bleepingcomputer have not found a way to enter a decryption code, so RedBoot encrypted data is unrecoverable. Either RedBoot is a very poorly written and buggy Ransomware or it was never designed to be able to decrypt the data again - it would be classified as a Wiper. The Ransomware, written in AutoIT, mimics the Ransomware Petya, which has also been used in Germany, with the replacement of the MBR. RedBoot arrives at the PC via a path not mentioned in the source; usually Ransomware spreads via infected e-mail attachments.
(Rei) Google translation of https://www.heise.de/security/meldung/Krypto-Trojaner-RedBoot-infiziert-MBR-und-zerstoert-Dateien-3840923.html
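
The post above describes the MBR being overwritten and the partition table being modified. As an added example (not part of the original posts or of the analysis they cite), this defensive check compares a saved copy of sector 0 with the current one and reports which part changed. The function names and the two sample sectors are constructed for illustration; obtaining the real 512-byte sector (for instance from a disk image) is left to the caller.

```python
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446  # bytes 0-445: boot code and disk signature; partition table follows
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS first, type, CHS last, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, used partition entries and signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, PT_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PT_OFFSET]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from the saved `baseline`."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature missing")
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        findings.append("boot code changed")
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table changed")
    return findings

def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Constructed sample data: build an MBR from boot code and (status, type, lba, count) tuples."""
    table = b"".join(ENTRY.pack(s, b"\0" * 3, t, b"\0" * 3, lba, n) for s, t, lba, n in entries)
    return boot_code.ljust(PT_OFFSET, b"\0") + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed samples: a saved baseline and a sector with replaced boot code and altered table.
BASELINE = build_mbr(b"\xfa\x33\xc0" + b"\x90" * 32, [(0x80, 0x07, 2048, 204800)])
TAMPERED = build_mbr(b"\xeb\x3c" + b"\xcc" * 64, [(0x00, 0x07, 2048, 1)])

if __name__ == "__main__":
    print(compare_mbr(BASELINE, BASELINE))
    print(compare_mbr(BASELINE, TAMPERED))
```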

knowledge-Spammer Posted September 26, 2017

It's why I use Shadow Defender. Ransomware can't push its way into the Master Boot Record.

Togijak Posted September 26, 2017 (Author)

4 hours ago, knowledge said:
> It's why I use Shadow Defender. Ransomware can't push its way into the Master Boot Record.

I don't care if something infects my MBR (I have an image).