Redmat Ransomware

Transcription

Redmat Ransomware
Redmat Ransomware – Yet another
Djvu Ransomware Variant
Understanding Redmat Ransomware
Redmat Ransomware is a nasty variant of the STOP File-Encrypting Virus that has
recently been discovered. Just like other variants, Redmat has been developed to
generate illicit revenue by extorting ransom from the victims.
This clan of the Ransomware is considered as the most wide-spread malware as it
uses multiple spread channels & methods. One of the prime distribution methods
of Redmat Crypto Virus is Spam E-mail Campaigns.
Once the system is infected, Redmat searches every nook & corner of the system
for the targeted files. Upon locating the files, it encrypts them by adding .redmat
extension to the file names. Hence, it renders the files unusable to the users.
The files once encrypted by stop redmat Ransomware cannot be restored easily.
Decrypting the files need a unique private key that is stored on the hacker’s server.
In order to get the decryption key, the victims are required to pay hefty amount to
the hackers as ransom.
Cyber Security analysts have found that paying the ransom doesn’t always yield
positive results. On receiving the ransom, hackers often tend to avoid the victims.
Threat SummaryName
Type
Category
Operating System Impacted
Targeted Browser
Redmat
Ransomware
Malware
Windows
Google Chrome, Internet Explorer, Mozilla
Firefox
Threat Behavior of Redmat RansomwareThe variants of the infamous STOP DJVU Ransomware seem a hard cookie for the
cyber-security analysts to crack. New variants of STOP Ransomware Family seem
to be popping up every now & then.
Redmat Ransomware is one such variant of Stop Ransomware Clan that is
infecting a large number of systems across the world at a large scale.
The chief spread methods of redmat crypto-virus infection includes spam e-mail
campaigns, online advertising & fake software downloads/updaters.
Upon infecting the system, redmat searches the victim’s system for targeted files.
These may include:





Document files
Audio Files
Video Files
Backup Files
Images
Once targeted files are located, redmat uses highly complex Cryptography methods
such as RAS & AES to encrypt the files. The encrypted files are appended by
.redmat extension, & hence made inaccessible to the user.
For Example; a file named “spreadsheet.xls”
“spreadsheet.xls.redmat”.
might be
renamed as
Redmat Ransomware is also capable of contacting with its Command & Control
Server from the victims system. It downloads & updates additional files on the
victim’s PC & strengthens its grip on the system.
The main motive of the Redmat developers is to swindle the innocent users &
extort money from them. Once the files are encrypted, a ransom-demanding
message in a text format is dropped in every folder containing .redmat files.
Details of the Ransom Note for Redmat & Hacker’s Response
The ransom note prompts the user that paying the ransom is the only way to restore
the encrypted data. A unique private key, stored at the hacker’s server, is required
to restore the data. In order to purchase the decryption key, the victim is required to
a handsome amount to the hackers as ransom (in bitcoins).
The Amount demanded by the hackers remains same for all the STOP
Ransomware variants ($980 in bitcoins). The note further states that the victims
that contact hackers within 72 hours of the encryption can access 50% on the
ransom amount ($490).
In addition to that, the hackers offer to decrypt one encrypted file free of cost.
Users are asked to send any one encrypted file to the hackers via e-mail on
[email protected] or [email protected]. The decrypted file is sent
then sent back to the victim as a guarantee of decryption.
Please note that these claims are mere tricks to take the users into thinking that the
decryption of files is possible.
Fearing to lose the data, many victims often contact hackers & pay the Ransom
Amount. However, paying the ransom may not always help in getting the data
back. Hackers often avoid responding victims after the amount has been received.
This way, the victims lose their data permanently.
Therefore, users are advised to abolish any encouragement to contact hackers &
pay the ransom. Be vigilant & do not let the hackers extort money from you.
Backing up data on an external storage device regularly & being careful while
using internet may help in preventing Redmat infection.
Distribution Techniques of Redmat RansomwareAccording to security analysts, hackers behind Redmat Ransomware are
employing common internet services such as Spam E-mail Campaigns & Software
Downloads for its propagation.
Hackers send infected e-mail attachments such as invoices, bills, credit card scores
& discount coupons to the targeted devices. The e-mails appear legitimate as these
are sent with the names of legit companies such as PayPal or FedEx.
Clicking on these e-mails may install Redmat Ransomware on the user’s PC.
Other spread techniques used by the hackers include:
 Online Advertising
 Torrent Websites/ Adult-content Websites/ malware-laden suspicious
websites
 Third-party software updaters/download sources
 Software Bundling
 Malicious Ads/Luring Discount Coupons.
 Peer-to-Peer Networks
 Freeware download websites/ Free file-hosting websites
How to prevent Redmat Ransomware from infecting your system