
Redshitline Ransomware

Posted: March 22, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 83
First Seen: March 22, 2016
OS(es) Affected: Windows

The Redshitline Ransomware is a file encryption Trojan that prevents you from opening files of particular formats, such as images, and displays a ransom message for undoing the attack. Although using a free decryption solution may not be possible, malware experts always recommend looking at all other options before rewarding fraudsters for attacking your PC. Besides recovering your data, you also should take proper steps for deleting the Redshitline Ransomware and related threats, regardless of any contrary suggestions offered in the Redshitline Ransomware's ransom message.

A Cesspool's Worth of Problems for Your Saved Files

The Redshitline Ransomware is a threat that malware experts have seen circulating in multiple variants, including ones built on different programming language baselines, such as Visual Basic and Microsoft Intermediate Language (MSIL). Although different versions of the Redshitline Ransomware may use slightly different coding techniques, the payload is consistent between versions: the Redshitline Ransomware launches automatically, selectively encrypts files on the infected PC, loads a ransom message, and then closes itself. As with similar file-encrypting campaigns, the Redshitline Ransomware targets personal or work data, such as JPG images or spreadsheets, without damaging the essential components of your operating system.

The most visible symptom of a Redshitline Ransomware infection is a series of changes to file names, appending an e-mail address (for contacting the ransoming con artists) or an arbitrary 'format' such as .XTBL. However, the Redshitline Ransomware performs no actual format conversion; it limits itself to encrypting the files. Nevertheless, this process changes enough of the file data to prevent other programs from reading them.

Malware experts also emphasize that network-accessible remote drives may be affected by the Redshitline Ransomware, which can place multiple systems in danger after only one of them becomes compromised.

After its encryption and renaming routine finishes, the Redshitline Ransomware also generates an image file containing ransom instructions, which it sets and locks as your desktop background. As usual, the attackers request payment for their decryption services, without offering any way to confirm that they will provide a solution after taking the victim's money.

Cleaning the Stench of the Redshitline Ransomware Off Your PC

Threat authors often prefer to build new threats and campaigns on previously established baselines, and the future may see further revisions of the Redshitline Ransomware Trojans. These threats still may be identified by watching for their characteristic changes to your file names and their desktop-based ransom notifications. Use proper network security standards to prevent the Redshitline Ransomware from reaching files beyond a single compromised machine, and exercise caution with conventional sources of threat installers, such as fake e-mail invoices.
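The two symptoms the text singles out (an e-mail address or an arbitrary extension such as .XTBL appended to file names, and many such files appearing at once, possibly on network shares) can be turned into a simple file-listing check. The script below is an added example and is not part of the original page or of any vendor tool; the file names in SAMPLE_LISTING, the contact address contact@example.invalid and the alert threshold are constructed for illustration. It flags names that end in a suspicious extension or carry an embedded e-mail address, tallies the addresses seen so an analyst can pivot on them, and raises an alert once the number of hits passes a threshold. It also generalises slightly beyond the text: the same logic runs over a live directory tree, including a mounted share, via scan_directory.

```python
import os
import re
from collections import Counter

# Extension the page names as an arbitrary 'format' appended by this family.
# Extend this set if further variants use other suffixes (assumption: none known here).
SUSPICIOUS_EXTENSIONS = {".xtbl"}

# E-mail address embedded in a file name. Dots are excluded from the local part
# so the match starts at the address and does not swallow the original
# "budget.xlsx." prefix; the domain is matched after any suspicious extension
# has been stripped, so it does not absorb a trailing ".xtbl" either.
EMAIL_IN_NAME = re.compile(r"[A-Za-z0-9_+\-]+@[A-Za-z0-9\-]+(?:\.[A-Za-z0-9\-]+)+")

# Constructed sample listing (not from a real infection): a mix of clean files,
# renamed user documents, a file on a share, and one system file left untouched.
SAMPLE_LISTING = [
    "Documents/budget.xlsx",
    "Documents/budget.xlsx.contact@example.invalid.xtbl",
    "Pictures/holiday.jpg.contact@example.invalid.xtbl",
    "Pictures/family.jpg",
    "Shares/finance/q1.docx.contact@example.invalid.xtbl",
    "Windows/System32/kernel32.dll",
    "Downloads/invoice.pdf.xtbl",
]


def classify(path):
    """Return (reasons, contact) for one path; an empty reasons list means clean.

    reasons lists which heuristics fired; contact is the lower-cased e-mail
    address found in the name, or None. Legitimate names that happen to contain
    an address will also fire, so treat hits as leads, not verdicts.
    """
    base = os.path.basename(path)
    ext = os.path.splitext(base)[1].lower()
    reasons = []
    stem = base
    if ext in SUSPICIOUS_EXTENSIONS:
        reasons.append("suspicious-extension")
        stem = base[: -len(ext)]
    match = EMAIL_IN_NAME.search(stem)
    contact = None
    if match:
        reasons.append("email-in-name")
        contact = match.group(0).lower()
    return reasons, contact


def scan_names(paths, threshold=3):
    """Classify every path and summarise: hits, contact addresses, alert flag."""
    hits = []
    contacts = Counter()
    for p in paths:
        reasons, contact = classify(p)
        if reasons:
            hits.append((p, reasons))
            if contact:
                contacts[contact] += 1
    # A handful of renamed files across a tree is the signal the text describes;
    # the threshold keeps a single odd file name from paging anyone.
    return {"hits": hits, "contacts": contacts, "alert": len(hits) >= threshold}


def scan_directory(root, threshold=3):
    """Walk a local directory or mounted share and apply the same heuristics."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return scan_names(paths, threshold)


if __name__ == "__main__":
    report = scan_names(SAMPLE_LISTING)
    for path, reasons in report["hits"]:
        print(f"{path}: {', '.join(reasons)}")
    print("contact addresses seen:", dict(report["contacts"]))
    print("alert:", report["alert"])
```

Run as-is the script reports four hits on the constructed listing, three of them sharing the same embedded address, and raises the alert; pointing scan_directory at a share root applies the same check to real file names.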

Current versions of the Redshitline Ransomware are not persistent and do not launch every time your OS starts. Although this choice keeps the Redshitline Ransomware from filling the role of longer-lived threats, such as backdoor Trojans, the absence of a startup entry also may stop some PC security features from identifying it. Use anti-malware products with system-scanning features to remove the Redshitline Ransomware (and related threats, such as the Trojans that install it) from any PC. As a reliable and inexpensive defense against its encryption, malware researchers always recommend complete backup procedures, such as backing up your information to a USB drive.

The Redshitline Ransomware may be identifiable by a prominent alias, such as Ransom:Win32/Isda.A or Trojan-Ransom.Win32.Aura.
