RedBoot Ransomware: Living in the Wild and Spreading
- Oct 23, 2017
- 1 min read

The Threat Research team at SonicWall "observed reports of a new variant family of RedBoot Ransomware [RedBoot.A] actively spreading in the wild. RedBoot encrypts the victim's files with a strong encryption algorithm, replaces the Master Boot Record (MBR) of the system drive and then modifies the partition table. The infection cycle will add the following files to the system: assembler.exe, boot.asm, boot.bin, overwrite.exe, main.exe and protect.exe.
Once a computer is compromised, the malware copies its own executable file to the %userprofile% folder and compiles boot.bin." According to bleepingcomputer.com, "the launcher will now start the main.exe program which will scan the computer for files to encrypt. The main.exe program will also launch the protect.exe program in order to block programs that may be used to analyze or stop the infection. Main.exe encrypts files, executables, DLLs and normal data files and appends the .locked extension" onto each encrypted file's filename.
The behavior of this infection has caused researchers to question whether it is malware, ransomware or a wiper, based on the code, which is compiled in AutoIt. I've seen reports that infected systems are given instructions on where to send payment, but unlike other ransomware, there's no place to input a decryption key. Either this is poorly written ransomware or the author(s) never intended to give your data back--even if you pay!
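The indicators quoted above (the six dropped file names under %userprofile%, the .locked extension, and a replaced MBR with a modified partition table) are the kind of thing a responder wants to check quickly on a suspect image. The script below is an added example written for this post, not code from SonicWall, BleepingComputer or the malware's authors. It assumes the responder can supply a Windows file listing and a 512-byte copy of sector 0 (from a forensic image, for instance); the file paths, the "good" MBR and the "overwritten" MBR it uses are constructed test data, not captures from a real infection.

```python
"""Triage helpers for the RedBoot indicators described in the post.

Added example, not the project's or the researchers' own code. Assumes a
caller supplies (a) a list of Windows file paths and (b) a 512-byte copy of
sector 0. All sample data below is constructed for illustration.
"""
import struct
from pathlib import PureWindowsPath

# File names the post lists as dropped by the infection.
REDBOOT_DROPPED = {"assembler.exe", "boot.asm", "boot.bin",
                   "overwrite.exe", "main.exe", "protect.exe"}
ENCRYPTED_EXT = ".locked"

MBR_SIZE, PART_TABLE_OFFSET, PART_ENTRY_SIZE, BOOT_SIG_OFFSET = 512, 446, 16, 510
# Classic MBR partition entry: status, CHS start (3), type, CHS end (3),
# LBA start (LE u32), sector count (LE u32).
PART_ENTRY_FMT = "<B3xB3xII"


def scan_listing(paths, userprofile=r"C:\Users\victim"):
    """Look for RedBoot file indicators in a list of Windows paths.

    Flags the dropped-file names only when they sit directly under the user
    profile (where the post says the sample copies itself) and counts files
    carrying the .locked extension.
    """
    profile = PureWindowsPath(userprofile)  # comparisons are case-insensitive
    dropped, locked = [], 0
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.name.lower() in REDBOOT_DROPPED and wp.parent == profile:
            dropped.append(str(wp))
        if wp.suffix.lower() == ENCRYPTED_EXT:
            locked += 1
    return {"dropped_files": dropped, "locked_files": locked,
            "suspicious": bool(dropped) or locked > 0}


def parse_partition_table(sector0):
    """Decode the four 16-byte partition entries at offset 446."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, ptype, lba_start, count = struct.unpack_from(PART_ENTRY_FMT, sector0, off)
        entries.append({"status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries


def check_mbr(sector0, baseline=None):
    """Structural sanity checks on a 512-byte copy of sector 0.

    Returns a list of findings; an empty list means nothing looked wrong.
    If a known-good copy (baseline) is supplied, the boot code region and the
    partition table are also compared byte-for-byte against it.
    """
    if len(sector0) != MBR_SIZE:
        return ["sector 0 is %d bytes, expected %d" % (len(sector0), MBR_SIZE)]
    findings = []
    if sector0[BOOT_SIG_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    entries = parse_partition_table(sector0)
    used = [e for e in entries if e["type"] != 0]
    if not used:
        findings.append("partition table empty")
    for i, e in enumerate(entries):
        if e["status"] not in (0x00, 0x80):
            findings.append("entry %d has invalid status byte 0x%02x" % (i, e["status"]))
        if e["type"] != 0 and e["sectors"] == 0:
            findings.append("entry %d has type 0x%02x but zero length" % (i, e["type"]))
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"]) for e in used)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("partition entries overlap")
            break
    if baseline is not None:
        if sector0[:PART_TABLE_OFFSET] != baseline[:PART_TABLE_OFFSET]:
            findings.append("boot code differs from baseline")
        if sector0[PART_TABLE_OFFSET:BOOT_SIG_OFFSET] != baseline[PART_TABLE_OFFSET:BOOT_SIG_OFFSET]:
            findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(entries, boot_code=b""):
    """Assemble a constructed 512-byte MBR for testing (not a real disk image)."""
    sector = bytearray(MBR_SIZE)
    code = boot_code[:PART_TABLE_OFFSET]
    sector[:len(code)] = code
    for i, (status, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         status, ptype, lba_start, count)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: a plausible healthy MBR (one bootable NTFS-type entry)
# and one whose boot code was replaced and whose partition table was wiped.
GOOD_MBR = build_sample_mbr([(0x80, 0x07, 2048, 1_000_000)], boot_code=b"\xfa\x33\xc0\x8e\xd0")
OVERWRITTEN_MBR = build_sample_mbr([], boot_code=b"\xeb\xfe")

# Constructed file listing: three dropped names in the profile, two .locked files,
# and a same-named file outside the profile that must not be flagged.
SAMPLE_LISTING = [
    r"C:\Users\victim\main.exe",
    r"C:\Users\victim\protect.exe",
    r"C:\Users\victim\boot.bin",
    r"C:\Users\victim\Documents\report.docx.locked",
    r"C:\Users\victim\Documents\budget.xlsx.locked",
    r"C:\Users\victim\Documents\notes.txt",
    r"C:\Windows\System32\main.exe",
]

if __name__ == "__main__":
    print(scan_listing(SAMPLE_LISTING))
    print("good MBR:", check_mbr(GOOD_MBR))
    print("overwritten MBR:", check_mbr(OVERWRITTEN_MBR, baseline=GOOD_MBR))
```

The MBR checks are deliberately structural rather than signature-based: a missing 0x55AA, an empty or overlapping partition table, or a byte-level divergence from a baseline copy taken before the incident will catch a replaced boot sector regardless of what the replacement code looks like, which matters here because the post notes the MBR and partition table are both rewritten.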