RedAnts Ransomware

Posted: March 9, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 87

RedAnts Ransomware Description

The RedAnts Ransomware is a revision of Hidden Tear, a group of Trojans that con artists often use for extorting money after they lock your local files. Like other versions of this threat, the RedAnts Ransomware presents a risk of potentially long-term damage to the PC's data. Although your anti-malware products are likely to detect and delete the RedAnts Ransomware as a matter of routine, good backup strategies can eliminate any potential for irreversible harm.

Ants Swarming Your File Directories Instead of Your Kitchen

Hidden Tear variants are continuing to catch up in numbers with competing families of threatening software in the early spring, although it's unlikely that the same threat actors are behind most of these separate campaigns. The RedAnts Ransomware is one of the latest Hidden Tear releases subject to the confirmation of malware experts. The file data associated with its executable implies that the content is a document or other text-based message. These threats are most likely circulating with the help of spam e-mails.

The RedAnts Ransomware still uses an AES-based cipher to lock your files through an encryption routine that reorders their internal data. Most con artists set threats of this type to lock documents, photos, spreadsheets, and other content that's potentially valuable but also small in size, letting the process take as little time as possible for maximum impact. The RedAnts Ransomware adds the 'horas-bah' extension onto the names of the locked data, which is a string malware experts have yet to see in connection with other attacks. Any victims should be sure to distinguish between the filename changes and the encryption; reversing one will have no impact on the other.
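The distinction between the rename and the encryption can be checked during triage. The following is an added example, not code from the original page: it lists files carrying the 'horas-bah' extension and compares each file's leading bytes with the signature its original format should have. It assumes the extension is appended after the original name (for example report.pdf.horas-bah); the sample files are constructed.

```python
import os
import tempfile

LOCKED_EXT = ".horas-bah"  # extension named on this page; appended form is an assumption

MAGIC = {  # leading signature bytes of a few common formats
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
}

def triage(root):
    """Return sorted (path, original_name, verdict) for renamed files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue  # file was not renamed
            original = name[: -len(LOCKED_EXT)]
            ext = os.path.splitext(original)[1].lower()
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(16)
            expected = MAGIC.get(ext)
            if expected is None:
                verdict = "unknown-format"
            elif head.startswith(expected):
                verdict = "renamed-only"     # header intact, renaming back may suffice
            else:
                verdict = "content-altered"  # renaming back will not restore the data
            findings.append((path, original, verdict))
    return sorted(findings)

def demo():
    """Triage constructed sample files written to a temporary directory."""
    samples = {
        "invoice.pdf.horas-bah": b"\x8f\x02\xd1\x77" * 8,          # constructed: no PDF header
        "logo.png.horas-bah": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,  # constructed: PNG header intact
        "notes.txt": b"untouched file",                            # constructed: never renamed
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(orig, verdict) for _path, orig, verdict in triage(root)]

if __name__ == "__main__":
    for original, verdict in demo():
        print(f"{original}: {verdict}")
```

Files reported as content-altered are the ones that need to come back from a backup.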

The threat actor profits from these attacks by also creating a text file with a ransom demand. The 0.5 Bitcoin price of the decryptor equates to six hundred USD, which puts the RedAnts Ransomware in the same range as other file-encrypting Trojans that attack business entities with the funds for paying such ransoms.

A Little Pesticide for an Ant Problem

File-encrypting threats represent the most serious risk to data that the user doesn't copy to other servers or drives for easy retrieval. Since a majority of file-encryptor Trojans are incapable of attacking cloud services, cloud storage offers one solution to the RedAnts Ransomware's payload. Peripheral storage, such as USB devices, is also highly endorsed by malware experts for data preservation against attacks of this nature. Ransom transactions lack any automatic mechanisms linking them to decryption features, and paying them is never a recommended or risk-free recovery method.

Threat actors may hide an installer for the RedAnts Ransomware by using inappropriate icons or extensions and often will design spam messages for supporting the concealment of their corrupted attachments. Professional anti-malware products can identify these threats, regardless, and should block any encryption attacks by removing the RedAnts Ransomware by default. However, threat databases without their most recent patches may be less potent at identifying newer Trojans.

Like ants themselves, the RedAnts Ransomware is part of a recurring threat that never truly stops attacking or breeding. However, the RedAnts Ransomware's aims are more self-serving than a biological imperative, and PC users can do their part to mitigate the problem by refusing to pay money for a misdeed.

Technical Details

File System Modifications

The following files were created in the system:

File name: file.exe
Size: 11.77 KB (11776 bytes)
MD5: 8941f44f8d91c837cc97c8f66410662e
Detection count: 29
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 13, 2017