Cybercriminals are using another damaging ransomware threat built on the infamous Chaos Ransomware family. When this threat, tracked as the RedEngine Ransomware, is deployed, it runs an encryption routine over the files found on the victim's device. The user's photos, documents, PDFs, archives, databases, and more are left in an unusable state. The attackers then demand a ransom payment from victims who want to receive the decryption keys needed to recover them.
Unlike the vast majority of ransomware threats, RedEngine does not use one fixed file extension to mark all processed files. Instead, the threat appends a new random 4-character string to the original name of each locked file. A ransom note with instructions from the hackers is created on the desktop of the breached device as a text file named 'read_it.txt.'
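The two file-system traits described above (a per-file random 4-character suffix and a 'read_it.txt' note on the desktop) are enough for a quick triage pass over a file listing. The script below is an added example written for this page, not code from the malware or from any vendor tool; it assumes the random string is dot-separated from the original extension (as in other Chaos-based builds), and the sample paths and the list of "original" extensions are constructed for the example.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Note file name stated on the page.
NOTE_NAME = "read_it.txt"

# Assumed set of original-file extensions that the heuristic recognises as
# user data (the page names the categories, not the extensions).
KNOWN_EXTS = {"jpg", "png", "docx", "doc", "pdf", "zip", "rar", "sqlite", "db", "xlsx", "txt"}

# <stem>.<original ext>.<4 random alphanumerics>; dot separator is an assumption.
SUFFIX_RE = re.compile(r"^(?P<stem>.+)\.(?P<orig>[A-Za-z0-9]+)\.(?P<tag>[A-Za-z0-9]{4})$")


def looks_encrypted(name):
    """Return the original extension if the name matches the RedEngine pattern, else None."""
    m = SUFFIX_RE.match(name)
    if not m or m.group("orig").lower() not in KNOWN_EXTS:
        return None
    return m.group("orig").lower()


def triage(paths):
    """Summarise a file listing: note present?, suspected files, counts per original type."""
    note_found = False
    suspected = []
    by_type = Counter()
    for p in paths:
        pp = PurePosixPath(p)
        if pp.name == NOTE_NAME:
            note_found = True
            continue
        orig = looks_encrypted(pp.name)
        if orig:
            suspected.append(p)
            by_type[orig] += 1
    return {"note_found": note_found, "suspected": suspected, "by_type": dict(by_type)}


# Constructed sample listing: three renamed files, one note, and benign names that
# must not match (no double extension, short suffix, legitimate .tar.gz).
SAMPLE_PATHS = [
    "/home/alice/Desktop/read_it.txt",
    "/home/alice/Documents/report.docx.k3Qx",
    "/home/alice/Documents/budget.xlsx.9aLp",
    "/home/alice/Pictures/holiday.jpg.Zt7m",
    "/home/alice/Downloads/setup.exe",
    "/home/alice/Documents/notes.txt",
    "/home/alice/Music/track.mp3.v2",
    "/home/alice/archive.tar.gz",
]

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS))
```

The suffix match is a heuristic: a legitimate name such as backup.sql.2024 would also match, so treat hits as candidates to confirm (for example by checking file headers), and weight the note's presence more heavily than any single renamed file.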
Ransom Note's Details
Reading the note reveals that the attackers will only accept ransom payments made in the Monero (XMR) cryptocurrency. However, the note does not state the sum they demand in exchange for the decryption tool and keys. Another problem becomes immediately obvious - although the attackers leave their 'RedEngine#2058' account as a way for affected users to contact them, the note does not say which messaging application or platform the account is on. Still, the cybercriminals are, apparently, willing to decrypt 3 files for free, if users somehow manage to figure out how to establish contact.
The full text of the ransom note is:
'Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
1) dm me RedEngine#2058
2) Obtain XMR (You have to pay for decryption in XMR.
After payment we will send you the tool that will decrypt all your files.)'