Red Alert Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 9
First Seen: January 4, 2017
Last Seen: June 12, 2022
OS(es) Affected: Windows
The Red Alert Ransomware is a standard encryption Trojan, named after the 'RED ALERT' warning it displays once it completes the encryption process. The Red Alert Ransomware functions similarly to the JuicyLemon Ransomware and changes the user's desktop background to notify the user that the data on the PC has been encrypted. The standard medium used to install the Red Alert Ransomware is a malicious document that you are led to believe is a payment confirmation or an order receipt from an online store like Amazon. Spam emails that feature logos from online stores and cyber security vendors are employed by the distributors of the Red Alert Ransomware to lure users into double-clicking a macro-enabled document.
The Red Alert Ransomware is a Member of the HiddenTear Family of Ransomware
The Red Alert Ransomware is based on the HiddenTear project, which Utku Sen published as 'educational ransomware.' It did not take long for con artists to notice the potential of HiddenTear and deploy dozens of variants. The Red Alert Ransomware is ranked among threats like the EduCrypt Ransomware and the Domino Ransomware. The Red Alert Ransomware is programmed to scan local and removable drives for the following file types:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
The next step in the encryption procedure involves building a list of files suitable for encryption. PC security researchers report that the Red Alert Ransomware uses a customized version of an open-source AES-256 implementation. Files are encrypted in full and given a '.locked' extension. For example, 'Longmen_Caves-China.png' becomes 'Longmen_Caves-China.png.locked', and Windows Explorer can no longer render a thumbnail for it. The file contents are encrypted with a symmetric AES key, and that key is in turn encrypted with the attackers' public key, so recovering the files requires the matching private key, which only the attackers hold, together with the corresponding decryption software. The authors of the Red Alert Ransomware claim to provide a decryptor if you follow the instructions saved in 'message.txt' on the desktop.
A 'Red Alert' Warning Signifies a Successful Operation of the Red Alert Ransomware
As stated above, the Red Alert Ransomware changes the user's desktop background to an image colored in black and red, which displays the following text message:
'YOUR FILES HAS BEEN BLOCKED
All Your Files Has been Blocked !!!
To you unlock the files access "MESSAGE" file and follow the instructions or we will delete ALL your personal archives.
YOUR FILES HAS BEEN BLOCKED'
Computer users who did not back up their data may panic and consider paying the ransom. However, experts remind that the operators of the Red Alert Ransomware are under no obligation to deliver a decryptor. You might want to keep your money in your wallet and first check whether the Red Alert Ransomware deleted the Volume Shadow Copies made by Windows; if they survive, earlier versions of the encrypted files can be restored from them. PC users who take threats like the Red Alert Ransomware and the OpenToYou Ransomware into consideration may have backup images available. Experts remind that threats such as the OpenToYou Ransomware are ineffective against users who back up their data regularly and avoid spam emails. The Red Alert Ransomware should be removed with the help of a reliable anti-malware scanner designed to eliminate encryption Trojans.
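The following script is an added triage example, not code from this page, from HiddenTear or from the Red Alert Ransomware itself. It ties together the encryption behaviour described above (targeted extensions, the '.locked' marker, the 'message.txt' note) and the shadow-copy check suggested in this paragraph: it walks a directory tree, lists every '*.locked' file, checks whether the original extension is one the article names as targeted, uses byte entropy to tell genuinely encrypted content from files that were merely renamed, reports whether the ransom note is present and, on Windows only, runs 'vssadmin list shadows' so the analyst can see whether restore points survived. The extension subset, the 7.0 bits-per-byte threshold, the sample files and all function names are assumptions made for the example.

```python
"""Triage helper for a Red Alert / HiddenTear-style infection (added example)."""
import math
import os
import platform
import subprocess
import tempfile
from collections import Counter
from pathlib import Path

# Subset of the extension list given in the article (assumption: lower-cased, any subset works).
TARGETED_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".zip", ".sql", ".py", ".txt"}
MARKER = ".locked"          # suffix the ransomware appends to every encrypted file
NOTE_NAME = "message.txt"   # ransom note the article says is dropped on the desktop


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a buffer; 8.0 is the maximum, ciphertext sits close to it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_locked_file(path: Path, sample_size: int = 4096) -> dict:
    """Describe one '*.locked' file: original name and extension, whether that
    extension is on the targeted list, and whether the bytes look encrypted."""
    original = path.name[:-len(MARKER)]
    ext = Path(original).suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(sample_size)
    entropy = shannon_entropy(head)
    return {
        "path": str(path),
        "original_name": original,
        "targeted_extension": ext in TARGETED_EXTENSIONS,
        "entropy": round(entropy, 2),
        "looks_encrypted": entropy > 7.0,  # heuristic threshold (assumption)
    }


def scan_tree(root: Path) -> dict:
    """Walk root, collect every file ending in MARKER and note whether the ransom note exists."""
    locked, note_found = [], False
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME:
                note_found = True
            elif name.lower().endswith(MARKER):
                locked.append(classify_locked_file(Path(dirpath) / name))
    return {
        "locked_files": locked,
        "note_found": note_found,
        "encrypted_count": sum(1 for f in locked if f["looks_encrypted"]),
        "renamed_only_count": sum(1 for f in locked if not f["looks_encrypted"]),
    }


def list_shadow_copies():
    """On Windows, run 'vssadmin list shadows' (needs an elevated prompt) and return
    its output; return None elsewhere or on failure. Output reporting no shadow
    copies means restore from VSS is not an option and backups are the fallback."""
    if platform.system() != "Windows":
        return None
    try:
        out = subprocess.run(["vssadmin", "list", "shadows"],
                             capture_output=True, text=True, timeout=60)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return out.stdout


def build_sample_tree() -> Path:
    """Constructed sample data: one encrypted-looking file (random bytes), one file that
    was only renamed, one untouched file and a constructed ransom note."""
    root = Path(tempfile.mkdtemp(prefix="redalert_sample_"))
    (root / "report.docx.locked").write_bytes(os.urandom(4096))
    (root / "notes.txt.locked").write_bytes(b"plain text that was merely renamed\n" * 100)
    (root / "untouched.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
    (root / NOTE_NAME).write_text("Pay and follow the instructions (constructed note)\n")
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    for entry in result["locked_files"]:
        print(entry)
    print("ransom note present:", result["note_found"])
    print("encrypted:", result["encrypted_count"], "renamed only:", result["renamed_only_count"])
    shadows = list_shadow_copies()
    print("vssadmin output:", shadows if shadows is not None else "(not running on Windows)")
```

Run it as an administrator on the affected machine with the user's profile directory in place of the constructed sample tree; a '.locked' file whose entropy is well below 7 bits per byte has not actually been encrypted and can be recovered by removing the marker, while the vssadmin output tells you whether Previous Versions are still available before you consider any contact with the operators.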