Redmat Ransomware
Transcription
Redmat Ransomware
Redmat Ransomware – Yet another Djvu Ransomware Variant Understanding Redmat Ransomware Redmat Ransomware is a nasty variant of the STOP File-Encrypting Virus that has recently been discovered. Just like other variants, Redmat has been developed to generate illicit revenue by extorting ransom from the victims. This clan of the Ransomware is considered as the most wide-spread malware as it uses multiple spread channels & methods. One of the prime distribution methods of Redmat Crypto Virus is Spam E-mail Campaigns. Once the system is infected, Redmat searches every nook & corner of the system for the targeted files. Upon locating the files, it encrypts them by adding .redmat extension to the file names. Hence, it renders the files unusable to the users. The files once encrypted by stop redmat Ransomware cannot be restored easily. Decrypting the files need a unique private key that is stored on the hacker’s server. In order to get the decryption key, the victims are required to pay hefty amount to the hackers as ransom. Cyber Security analysts have found that paying the ransom doesn’t always yield positive results. On receiving the ransom, hackers often tend to avoid the victims. Threat SummaryName Type Category Operating System Impacted Targeted Browser Redmat Ransomware Malware Windows Google Chrome, Internet Explorer, Mozilla Firefox Threat Behavior of Redmat RansomwareThe variants of the infamous STOP DJVU Ransomware seem a hard cookie for the cyber-security analysts to crack. New variants of STOP Ransomware Family seem to be popping up every now & then. Redmat Ransomware is one such variant of Stop Ransomware Clan that is infecting a large number of systems across the world at a large scale. The chief spread methods of redmat crypto-virus infection includes spam e-mail campaigns, online advertising & fake software downloads/updaters. Upon infecting the system, redmat searches the victim’s system for targeted files. These may include: Document files Audio Files Video Files Backup Files Images Once targeted files are located, redmat uses highly complex Cryptography methods such as RAS & AES to encrypt the files. The encrypted files are appended by .redmat extension, & hence made inaccessible to the user. For Example; a file named “spreadsheet.xls” “spreadsheet.xls.redmat”. might be renamed as Redmat Ransomware is also capable of contacting with its Command & Control Server from the victims system. It downloads & updates additional files on the victim’s PC & strengthens its grip on the system. The main motive of the Redmat developers is to swindle the innocent users & extort money from them. Once the files are encrypted, a ransom-demanding message in a text format is dropped in every folder containing .redmat files. Details of the Ransom Note for Redmat & Hacker’s Response The ransom note prompts the user that paying the ransom is the only way to restore the encrypted data. A unique private key, stored at the hacker’s server, is required to restore the data. In order to purchase the decryption key, the victim is required to a handsome amount to the hackers as ransom (in bitcoins). The Amount demanded by the hackers remains same for all the STOP Ransomware variants ($980 in bitcoins). The note further states that the victims that contact hackers within 72 hours of the encryption can access 50% on the ransom amount ($490). In addition to that, the hackers offer to decrypt one encrypted file free of cost. Users are asked to send any one encrypted file to the hackers via e-mail on [email protected] or [email protected]. The decrypted file is sent then sent back to the victim as a guarantee of decryption. Please note that these claims are mere tricks to take the users into thinking that the decryption of files is possible. Fearing to lose the data, many victims often contact hackers & pay the Ransom Amount. However, paying the ransom may not always help in getting the data back. Hackers often avoid responding victims after the amount has been received. This way, the victims lose their data permanently. Therefore, users are advised to abolish any encouragement to contact hackers & pay the ransom. Be vigilant & do not let the hackers extort money from you. Backing up data on an external storage device regularly & being careful while using internet may help in preventing Redmat infection. Distribution Techniques of Redmat RansomwareAccording to security analysts, hackers behind Redmat Ransomware are employing common internet services such as Spam E-mail Campaigns & Software Downloads for its propagation. Hackers send infected e-mail attachments such as invoices, bills, credit card scores & discount coupons to the targeted devices. The e-mails appear legitimate as these are sent with the names of legit companies such as PayPal or FedEx. Clicking on these e-mails may install Redmat Ransomware on the user’s PC. Other spread techniques used by the hackers include: Online Advertising Torrent Websites/ Adult-content Websites/ malware-laden suspicious websites Third-party software updaters/download sources Software Bundling Malicious Ads/Luring Discount Coupons. Peer-to-Peer Networks Freeware download websites/ Free file-hosting websites How to prevent Redmat Ransomware from infecting your system