
RedAnts Ransomware

Posted: March 9, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 87
First Seen: March 9, 2017
OS(es) Affected: Windows

The RedAnts Ransomware is a revision of Hidden Tear, a group of Trojans that con artists often use for extorting money after they lock your local files. Like other versions of this threat, the RedAnts Ransomware presents a risk of potentially long-term damage to the PC's data. Although your anti-malware products are likely to detect and delete the RedAnts Ransomware as a matter of routine, good backup strategies can eliminate any potential for irreversible harm.

Ants Swarming Your File Directories Instead of Your Kitchen

Hidden Tear variants continued to catch up in numbers with competing families of threatening software in the early spring, although it is unlikely that the same threat actors are behind most of these separate campaigns. The RedAnts Ransomware is one of the latest Hidden Tear releases confirmed by malware experts. The metadata attached to its executable suggests that the file is a document or another text-based message. Threats of this kind most likely circulate with the help of spam e-mails.

The RedAnts Ransomware still uses an AES-based cipher to lock your files through an encryption routine that scrambles their internal data. Most con artists configure threats of this type to lock documents, photos, spreadsheets, and other content that is potentially valuable but small in size, so that the process takes as little time as possible for maximum impact. The RedAnts Ransomware appends the 'horas-bah' extension to the names of the locked files, a string malware experts have yet to see in connection with other attacks. Victims should distinguish between the filename change and the encryption itself: renaming a file back does not decrypt it, and decrypting it does not restore its original name.
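The distinction drawn above, that a changed extension and encrypted contents are separate effects, is exactly what a responder needs to check when triaging a host. The following added example (not code from the original report or from the malware) walks a directory, flags files carrying the 'horas-bah' extension, estimates from byte entropy whether each such file is really encrypted or merely renamed, and compares file hashes against the sample MD5 listed in the Technical Details section. The sample tree it builds is constructed for the demonstration; the 7.5 bits-per-byte threshold is an assumed heuristic, not a value from the report.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Indicators quoted from this report: the extension appended to locked files
# and the MD5 of the sample listed under "File System Modifications".
RANSOM_EXTENSION = ".horas-bah"
KNOWN_SAMPLE_MD5 = "8941f44f8d91c837cc97c8f66410662e"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: AES ciphertext sits near 8.0, ordinary text near 4 to 5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def md5_of(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root: str, threshold: float = 7.5) -> list[dict]:
    """Record, per file, the ransom extension, an entropy estimate and a hash match."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                entropy = round(shannon_entropy(f.read()), 2)
            tagged = name.endswith(RANSOM_EXTENSION)
            findings.append({"path": path, "ransom_extension": tagged,
                             "entropy": entropy, "known_sample": md5_of(path) == KNOWN_SAMPLE_MD5,
                             "likely_encrypted": tagged and entropy >= threshold})
    return findings

def demo() -> dict:
    """Constructed tree: a renamed-only document, a high-entropy ciphertext stand-in, an untouched file."""
    root = tempfile.mkdtemp()
    plain = b"Quarterly report: revenue up 4%, costs flat. " * 40
    for name, body in [("report.docx" + RANSOM_EXTENSION, plain),
                       ("photo.jpg" + RANSOM_EXTENSION, os.urandom(8192)),
                       ("notes.txt", plain)]:
        with open(os.path.join(root, name), "wb") as f:
            f.write(body)
    return {os.path.basename(e["path"]): e for e in triage(root)}
```

A file that carries the extension but scores low entropy was only renamed and can be recovered by renaming it back; a high-entropy one needs a decryptor or a backup.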

The threat actor monetizes these attacks by also dropping a text file containing the ransom demand. The 0.5 Bitcoin price of the decryptor equates to six hundred USD, which puts the RedAnts Ransomware in the same range as other file-encrypting Trojans that target business entities with the funds to pay such ransoms.

A Little Pesticide for an Ant Problem

File-encrypting threats pose the most serious risk to data that the user has not copied to other servers or drives for easy retrieval. Since a majority of file-encryptor Trojans are incapable of attacking cloud services, cloud storage offers one defense against the RedAnts Ransomware's payload. Peripheral storage, such as USB devices, is also highly endorsed by malware experts for preserving data against attacks of this nature. Ransom transactions have no automatic mechanism linking them to decryption, and paying is never a recommended or risk-free recovery method.

Threat actors may disguise an installer for the RedAnts Ransomware with misleading icons or extensions, and often craft spam messages to support the concealment of their corrupted attachments. Professional anti-malware products can identify these threats regardless, and should block any encryption attack by removing the RedAnts Ransomware by default. However, products whose threat databases lack the most recent updates may be less effective at identifying newer Trojans.

Like ants themselves, the RedAnts Ransomware is part of a recurring threat that never truly stops attacking or breeding. However, the RedAnts Ransomware's aims are more self-serving than a biological imperative, and PC users can do their part to mitigate the problem by refusing to pay money for a misdeed.

Technical Details

File System Modifications


The following files were created in the system:

File name: file.exe
Size: 11.77 KB (11776 bytes)
MD5: 8941f44f8d91c837cc97c8f66410662e
Detection count: 29
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 13, 2017