
Red Alert Ransomware

Posted: January 4, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 21
First Seen: January 4, 2017
Last Seen: June 12, 2022
OS(es) Affected: Windows

The Red Alert Ransomware may look and behave like a unique crypto-threat, but it is nothing more than a slightly modified variant of HiddenTear, a ransomware project that is regularly used to spawn new ransomware variants. Like other HiddenTear-based crypto-threats, the Red Alert Ransomware is decryptable, and victims should be able to get their files back as long as they can find one original version of an encrypted file. The authors of the Red Alert Ransomware took the time to include a custom wallpaper and image files that display the ransom note to victims, but they did not bother to change the default '.locked' extension that HiddenTear appends to the names of all encrypted files.

A Fake Red Alert Raised by another HiddenTear Variant

Crypto-threat infections have been gradually increasing over the past year, and many malware researchers predict that ransomware will continue to be the leading trend among cybercrooks in 2017. This is why users are advised to take the necessary measures to protect their computers from ransomware infections by making sure their anti-virus software is up and running at all times. It is also important to remember the top techniques that ransomware authors may use to distribute their corrupted products. The top method used to spread ransomware is spam e-mail messages that contain a corrupted attachment or a link to a Web destination used to host an exploit kit. This is why the most important thing for users to remember is to be extra careful when reviewing incoming e-mail messages, especially if they contain an attached file.

When the Red Alert Ransomware carries out its attack, it drops several files to the user's desktop: 'ransom.jpg' and 'message.txt'. The image file is automatically set as the default desktop background, and it simply tells users that their files have been encrypted and that they need to open 'message.txt' to learn how they can get their data back. The good news is that, due to HiddenTear's flawed encryption, victims of the Red Alert Ransomware don't need to contact the attackers to get their files back. Instead, they can rely on a free HiddenTear decryptor. However, users must not forget that the decryption tool can't remove the ransomware from their computers, and they'll need to run a reputable anti-malware tool immediately to take care of the corrupted application.
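A triage helper for the indicators and the recovery requirement described above, as an added example that is not from the original page or from any decryptor project: it checks a desktop folder for 'ransom.jpg' and 'message.txt', then pairs each '.locked' file with a clean copy at the same relative path in a backup. The function names, the backup layout and the demo files are assumptions constructed for illustration.

```python
import os
import tempfile  # used only by the constructed demo below

LOCKED_EXT = ".locked"                      # extension named on this page
NOTE_FILES = ("ransom.jpg", "message.txt")  # desktop files named on this page


def desktop_markers(desktop_dir):
    """Return which of the ransom-note files exist in desktop_dir."""
    return [n for n in NOTE_FILES
            if os.path.isfile(os.path.join(desktop_dir, n))]


def find_recovery_pairs(affected_root, backup_root):
    """Pair every *.locked file with a clean copy from a backup.

    Assumes the backup mirrors the affected tree's relative paths.
    Returns (pairs, unmatched); pairs holds (original, encrypted) paths.
    """
    pairs, unmatched = [], []
    for dirpath, _dirs, files in os.walk(affected_root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            encrypted = os.path.join(dirpath, name)
            # 'report.docx.locked' -> 'report.docx' (extension is appended)
            rel = os.path.relpath(encrypted, affected_root)[:-len(LOCKED_EXT)]
            original = os.path.join(backup_root, rel)
            # An empty backup copy is useless as a known original.
            if os.path.isfile(original) and os.path.getsize(original) > 0:
                pairs.append((original, encrypted))
            else:
                unmatched.append(encrypted)
    return sorted(pairs), sorted(unmatched)


if __name__ == "__main__":
    # Constructed demo tree; no real user data is touched.
    with tempfile.TemporaryDirectory() as tmp:
        affected, backup = os.path.join(tmp, "pc"), os.path.join(tmp, "bak")
        for d in (affected, backup):
            os.makedirs(os.path.join(d, "docs"))
        for path in (os.path.join(affected, "message.txt"),
                     os.path.join(affected, "docs", "report.docx.locked"),
                     os.path.join(affected, "docs", "notes.txt.locked"),
                     os.path.join(backup, "docs", "report.docx")):
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
        print("markers:", desktop_markers(affected))
        print("pairs, unmatched:", find_recovery_pairs(affected, backup))
```
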
