
Redrum Ransomware

Ransomware threats are among the worst cyber-threats a regular user may come across. These nasty pests sneak into a system, sniff out all of the user's data, encrypt it, and then demand money. The entry barrier is low: not only do most con actors distributing ransomware borrow the code of already existing threats (and slightly rework it), but ransomware is also available as a commodity that anyone can buy.

Propagation and Encryption

One of the most recently uncovered ransomware threats is called Redrum Ransomware. This threat belongs to the second most active ransomware family in 2019, the Dharma Ransomware. Unfortunately, the variants of the Dharma Ransomware are not decryptable for free. The Redrum Ransomware is likely being propagated via fraudulent application downloads and updates, torrent trackers, fake pirated media or software, and spam emails containing macro-laced attachments. The Redrum Ransomware will likely target documents, images, audio and video files, presentations, spreadsheets, databases, archives, etc. Ransomware threats tend to go after popular file types, which are likely to be present on the system of any regular user. The Redrum Ransomware applies an encryption algorithm to lock the targeted data. Upon locking the files, the Redrum Ransomware also adds a new extension to their names: '.id-.[moncler@tutamail.com].redrum.' Most variants of the Dharma Ransomware follow this pattern.

The Ransom Note

The ransom message of the Redrum Ransomware is contained in a file called 'decryption.txt.' The ransom note is rather extensive. In the note, the attackers state that unlocking the encrypted data with a third-party decryption tool is impossible, but they offer to unlock one file free of charge to prove to the user that they are able to reverse the damage. The authors of the Redrum Ransomware do not specify what the ransom fee is. Two email addresses are given as contact details: 'moncler@tutamail.com' and 'moncler@cock.li.' The attackers warn that unless the victim gets in touch with them within 24 hours of the attack taking place, their key will be wiped out, which will make file recovery impossible. The authors of the Redrum Ransomware also claim that if the user fails to pay the ransom fee within 60 hours of getting in touch with them, the price will be inflated by 10%.
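For incident triage, the Dharma-style file extension and the 'decryption.txt' note described above are the quickest on-disk indicators. The following Python helper, added here and not part of the original write-up or of any vendor tool, parses that naming pattern and flags affected files and the presence of the note; the victim-ID format (alphanumeric) and the sample file names are assumptions, since the page elides the ID.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Dharma/Redrum naming pattern described on the page:
#   <original name>.id-<victim id>.[<contact email>].redrum
# The victim id is not shown on the page; accepting any alphanumeric run
# there is an assumption made for this example.
REDRUM_NAME = re.compile(
    r"^(?P<original>.+?)\.id-(?P<victim_id>[0-9A-Za-z]+)"
    r"\.\[(?P<email>[^\]]+)\]\.redrum$"
)

RANSOM_NOTE = "decryption.txt"  # note file name given on the page
KNOWN_CONTACTS = {"moncler@tutamail.com", "moncler@cock.li"}  # from the note


class Hit(NamedTuple):
    original_name: str
    victim_id: str
    contact: str
    known_contact: bool  # True if the email matches one from the ransom note


def parse_redrum_name(filename: str) -> Optional[Hit]:
    """Return a Hit if the file name follows the Redrum/Dharma pattern."""
    m = REDRUM_NAME.match(filename)
    if not m:
        return None
    email = m.group("email").lower()
    return Hit(m.group("original"), m.group("victim_id"), email,
               email in KNOWN_CONTACTS)


def triage(filenames: List[str]) -> Tuple[List[Hit], bool]:
    """Return (renamed files, ransom note present) for a directory listing."""
    hits = [h for h in (parse_redrum_name(f) for f in filenames) if h]
    note_present = any(f.lower() == RANSOM_NOTE for f in filenames)
    return hits, note_present


# Constructed sample listing: names and the victim id are made up.
SAMPLE_LISTING = [
    "budget.xlsx.id-1A2B3C4D.[moncler@tutamail.com].redrum",
    "photo.jpg.id-1A2B3C4D.[moncler@cock.li].redrum",
    "notes.txt",
    "decryption.txt",
    "archive.redrum",  # no id/email segment, so not the Dharma pattern
]

if __name__ == "__main__":
    found, note = triage(SAMPLE_LISTING)
    for hit in found:
        print(hit)
    print("ransom note present:", note)
```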

Avoid contacting cybercriminals like the shady individuals behind the Redrum Ransomware. They will likely stop replying to you after they receive the payment required, and you may never get the decryption key they had promised. Trust a reputable anti-malware application to remove the Redrum Ransomware from your PC safely and swiftly.
