RedEye Ransomware

Posted: June 7, 2018

RedEye Ransomware Description

The RedEye Ransomware is an update of the Annabelle Ransomware, an FTSCoder Trojan that combines file-locking and Windows-disabling attacks to disrupt your computer. Some versions of the RedEye Ransomware may overwrite your media with junk data instead of encrypting it, so victims should disregard its demands for payment in exchange for a decryption solution. Your anti-malware products can remove the RedEye Ransomware securely, although a quick response may be necessary to eliminate this threat before it causes permanent damage.

The Annabelle Ransomware Gets a Little Red in the Eyes

The threat actor iCoreX, who claims responsibility for the file-wiping Jigsaw Ransomware and the reboot-hijacking Annabelle Ransomware, is now supposedly updating the latter's campaign with a new Trojan. This Annabelle Ransomware variant, the RedEye Ransomware, includes extra features for subverting the user's control over the Windows environment and for harming files in general. It also keeps all of the notable attacks of the first build, and, as a result, malware experts are classifying it as an equally high-level threat.

Because it bundles several WAV audio files that it plays as part of its ransoming features, the RedEye Ransomware has an unusually large installation file of over thirty megabytes. Several code obfuscation techniques, such as the freely available ConfuserEx protector with its anti-debugging features, could keep outdated security solutions from identifying it accurately. The RedEye Ransomware hijacks the Windows Userinit configuration to load its ransom message, which it shows after 'locking' your documents, pictures and other media. However, malware experts are verifying that the RedEye Ransomware may only be overwriting the contents of these files permanently, rather than locking them with the theoretically reversible AES encryption that its pop-up claims to use.

One upgrade of the RedEye Ransomware of particular note is its ability to hide drives in Windows Explorer, which can keep a victim from regaining control over the OS. The RedEye Ransomware also disables your access to high-priority applications, such as the Task Manager, your Web browser and the Registry Editor. Malware researchers also encourage monitoring the timer on the RedEye Ransomware's ransom pop-up closely: when this limit expires, the Trojan corrupts the Windows MBR, which prevents the operating system from loading.
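As an added example, not code from this page or from any vendor, the following Python audit checks a `reg export` style dump for the kinds of tampering described above: a modified Userinit value, the Task Manager and Registry Editor policy locks, and the NoDrives bitmask that hides drives in Explorer. The registry locations are the standard Windows ones; the page does not give RedEye's actual values, so the sample export and the `placeholder_dropper.exe` path are constructed.

```python
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICY_SYSTEM = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DEFAULT_USERINIT = r"C:\Windows\system32\userinit.exe,"  # stock value, trailing comma included

def parse_reg_export(text):
    """Parse a 'reg export' style dump into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current and line.startswith('"') and '"=' in line:
            name, raw = line[1:].split('"=', 1)
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)  # REG_DWORD is written in hex
            else:
                keys[current][name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def hidden_drives(mask):
    """Decode NoDrives: bit 0 hides A:, bit 1 hides B:, ... bit 25 hides Z:."""
    return [chr(ord("A") + i) for i in range(26) if mask & (1 << i)]

def audit(keys):
    """Return human-readable findings for the tampering the text describes."""
    findings = []
    userinit = keys.get(WINLOGON, {}).get("Userinit", DEFAULT_USERINIT)
    if userinit.lower() != DEFAULT_USERINIT.lower():
        findings.append("Userinit hijacked: " + userinit)
    system = keys.get(POLICY_SYSTEM, {})
    if system.get("DisableTaskMgr") == 1:
        findings.append("Task Manager disabled (DisableTaskMgr=1)")
    if system.get("DisableRegistryTools") == 1:
        findings.append("Registry Editor disabled (DisableRegistryTools=1)")
    drives = hidden_drives(keys.get(POLICY_EXPLORER, {}).get("NoDrives", 0))
    if drives:
        findings.append("Drives hidden in Explorer: " + ", ".join(drives))
    return findings

SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\placeholder_dropper.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:0000000c
'''  # constructed sample export; placeholder_dropper.exe is a made-up path, not a real IoC
```

Running `audit(parse_reg_export(SAMPLE))` on the constructed dump reports all four findings, the last of them listing C: and D: as hidden. Feed it the output of `reg export` taken from Safe Mode or a recovery environment to check a real machine.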

Getting the Glare of Red Out of Your Sight

Unlike a real file-locker Trojan, such as the widely-distributed Globe Ransomware, the RedEye Ransomware can cause a degree of data loss that's not reversible, even for those who do pay its Bitcoin ransom. While its size makes direct distribution through spam e-mail unlikely, Trojan downloaders and similar threats may attach themselves to such messages and then run the executable themselves. Other infection strategies that malware experts have seen active this year include compromised torrents, exploit kits, and combinations of brute-force and RDP network attacks.

A prompt response is necessary to keep this Trojan from causing additional damage to Windows, especially since its attacks escalate over time. Always reboot your PC immediately after suspecting a possible RedEye Ransomware infection, and use Safe Mode or an emergency recovery loader to keep the threat's processes from launching. A non-compromised backup is, as usual, the only method of restoring your files that malware experts can verify as reliable. Have a dedicated anti-malware product uninstall the RedEye Ransomware if required; so far, one out of every three AV brands is identifying this Trojan (in many cases, as a variant of Graftor).

The RedEye Ransomware gives an unmistakable hint about what's even worse than a disk-wiper like Shamoon or a file-locker Trojan like Hidden Tear. When Trojans are committing permanent attacks and selling fake cures for them, they're an incredibly strong incentive for taking the trouble to back up anything of importance to you.
