Redrum Ransomware Description
Ransomware threats are one of the worst cyber-threats a regular user may come across. These nasty pests sneak into a system, sniff out the user's data, encrypt it, and then demand money. The entry barrier is pretty low: most of the con actors distributing ransomware borrow the code of already existing threats (and slightly rework it), and there are also ransomware threats available as a commodity that anyone can buy.
Propagation and Encryption
One of the most recently uncovered ransomware threats is called Redrum Ransomware. This threat belongs to the second most active ransomware family in 2019, the Dharma Ransomware. Unfortunately, the variants of the Dharma Ransomware are not decryptable for free. The Redrum Ransomware is likely being propagated via fraudulent application downloads and updates, torrent trackers, fake pirated media or software, and spam emails containing macro-laced attachments. The Redrum Ransomware will likely target documents, images, audio and video files, presentations, spreadsheets, databases, archives, etc. Ransomware threats tend to go after popular file types, which are likely to be present on the system of any regular user. The Redrum Ransomware will apply an encryption algorithm to lock the targeted data. Upon locking the files, the Redrum Ransomware also will add a new extension to their names - '.id-
The Ransom Note
The ransom message of the Redrum Ransomware is contained in a file called 'decryption.txt'. The ransom note is rather extensive. In the note, the attackers state that unlocking the encrypted data with a third-party decryption tool is impossible, but they offer to unlock one file free of charge to prove to the user that they are able to reverse the damage. The authors of the Redrum Ransomware do not specify what the ransom fee is. There are two email addresses specified as contact details - 'email@example.com' and 'firstname.lastname@example.org'. The attackers warn that unless the victim gets in touch with them within 24 hours of the attack taking place, their key will be wiped out, which will make file recovery impossible. The authors of the Redrum Ransomware also claim that if the user fails to pay the ransom fee within 60 hours of getting in touch with them, the price will be increased by 10%.
Avoid contacting cybercriminals like the shady individuals behind the Redrum Ransomware. They will likely stop replying to you after they receive the payment required, and you may never get the decryption key they had promised. Trust a reputable anti-malware application to remove the Redrum Ransomware from your PC safely and swiftly.
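The two on-disk indicators described above, the 'decryption.txt' note and an appended extension beginning with '.id-', can be used to scope which folders were hit before cleanup. The following is an added example, not part of the original write-up or of any vendor tool; the function names and the sample tree are constructed, and 'PLACEHOLDER' stands in for the part of the extension that the page cuts off.

```python
import os
import tempfile

NOTE_NAME = "decryption.txt"  # ransom note filename given in the write-up
EXT_MARKER = ".id-"           # start of the appended extension; the rest is cut off on the page


def triage(root):
    """Map each affected directory to the indicators found in it."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        names = [f.lower() for f in files]
        note = NOTE_NAME in names
        # Marker must follow an original file name, so require index > 0.
        renamed = sorted(f for f in files if f.lower().find(EXT_MARKER) > 0)
        if note or renamed:
            findings[dirpath] = {"note": note, "renamed": renamed}
    return findings


def high_confidence(findings):
    """Directories where both indicators co-occur; a lone decryption.txt is weak evidence."""
    return sorted(d for d, hit in findings.items() if hit["note"] and hit["renamed"])


def build_sample_tree(base):
    """Constructed test tree. 'PLACEHOLDER' stands in for the truncated extension."""
    layout = {
        "docs": ["report.docx.id-PLACEHOLDER", "budget.xlsx.id-PLACEHOLDER", NOTE_NAME],
        "tools": [NOTE_NAME, "readme.md"],  # unrelated file that happens to share the name
        "photos": ["cat.jpg"],
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in files:
            with open(os.path.join(base, folder, name), "w") as fh:
                fh.write("constructed sample\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        for directory in high_confidence(result):
            print(directory, len(result[directory]["renamed"]), "renamed files")
```

Run it against a read-only mount or a forensic copy rather than the live disk, so that file access times on the affected system are not altered.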