
RedFox Ransomware

By GoldSparrow in Ransomware

The RedFox Ransomware is an encryption ransomware Trojan. Malware researchers first observed the RedFox Ransomware on the Dark Web in December 2017. The RedFox Ransomware was mentioned on forums and distributed by a group calling themselves the 'SigmaTeam.' The RedFox Ransomware was being advertised as part of a Ransomware as a Service (RaaS) platform. The RedFox Ransomware was being billed as easy to manage and customize, which allowed the purchasers to control it using a Web-based interface to manage the RedFox Ransomware Command and Control server. The RedFox Ransomware, like most encryption ransomware Trojans, will encrypt the victim's files and then demand a ransom payment. The RedFox Ransomware contains a module that allows the criminals to track the ransom payments and manage the RedFox Ransomware easily. This makes the RedFox Ransomware a substantial threat since it allows even inexperienced hackers or criminals with few resources to carry out devastating encryption ransomware attacks.

Some Information about the RedFox Ransomware Attack

The RedFox Ransomware is currently being delivered through malicious pop-up windows and online advertisements. The RedFox Ransomware also can be delivered to victims directly since there is a USB version of the RedFox Ransomware that can be installed on a computer simply by plugging a drive into the targeted PC. The RedFox Ransomware has one fairly unique aspect, which is that it includes a timer that allows the criminals to delete the victim's files permanently after a certain amount of time, to provide an added incentive for the victims to pay the ransom. The RedFox Ransomware includes some RAT (Remote Access Trojan) features that allow the criminals to control some aspects of the affected computer, as well as rootkit components that allow the RedFox Ransomware to manipulate the Master Boot Record and the User Account Control prompts as part of its tactic.

How Criminals Use the RedFox Ransomware to Profit

Once installed, the RedFox Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. The RedFox Ransomware will target the user-generated files, which may include files with the following file extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
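As an added defender-side illustration (this is not code from the write-up or from the SigmaTeam tooling), the following Python script applies a common ransomware-triage heuristic to the plain-text formats on the list above: a file that should contain readable text but whose bytes have near-maximal Shannon entropy has very likely been overwritten with ciphertext. Only the plain-text extensions are checked, because compressed formats on the list (.docx, .zip, .jpg and the like) are legitimately high-entropy and would produce false positives; the sample directory, threshold and extension subset are constructed for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

# Plain-text formats taken from the extension list above. Compressed or already
# high-entropy formats on that list (.docx, .zip, .jpg, .png, ...) are left out
# because the entropy test below cannot tell them from ciphertext.
PLAINTEXT_EXTENSIONS = {".txt", ".csv", ".sql", ".xml", ".rtf", ".py", ".c",
                        ".h", ".cpp", ".java", ".js", ".php", ".rb", ".vcf"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: readable text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def suspicious_files(root, threshold=7.5, sample_bytes=65536):
    """Paths under root whose plain-text extension hides encrypted-looking content."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in PLAINTEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(sample_bytes)  # a prefix is enough to judge
            if shannon_entropy(head) >= threshold:
                hits.append(path)
    return sorted(hits)


def demo():
    """Constructed sample tree: one real text file, one 'encrypted' SQL dump, one binary."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("quarterly budget figures\n" * 200)
        with open(os.path.join(root, "backup.sql"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for a file after encryption
        with open(os.path.join(root, "tool.exe"), "wb") as fh:
            fh.write(os.urandom(4096))  # not a targeted plain-text type; ignored
        return [os.path.basename(p) for p in suspicious_files(root)]


if __name__ == "__main__":
    print(demo())
```

Run against a real share, a sudden jump in the number of hits between two scans is the signal worth alerting on; a single high-entropy file can still be a legitimate outlier.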

The RedFox Ransomware attack itself can be customized by using a builder kit that the criminals are distributing online. Using the RedFox Ransomware RaaS, the criminals can customize their attacks by paying a fee for their own version of the RedFox Ransomware. Once the RedFox Ransomware has encrypted the victim's files, the criminals deliver a ransom note to the victim demanding a ransom payment in exchange for the decryption key. Malware researchers warn that the RedFox Ransomware's ransom should not be paid because it, almost always, is a waste of money.

Protecting Your Data from Threats Like the RedFox Ransomware

It is clear that there is an increase in ransomware attacks, especially as more threats use a RaaS model to attack their victims. Because of this, computer users should take precautions against this and other encryption ransomware Trojans. The best protection against the RedFox Ransomware and similar threats is to have an anti-malware program that is fully up-to-date and to keep file backups stored in the cloud or on an external storage device. A combination of file backups, strong online security practices, and reliable security programs can halt threats like the RedFox Ransomware.
