REDROMAN Ransomware
The REDROMAN Ransomware is a file-locking Trojan of an unknown family. It can block files with encryption, modify various network settings, and demand ransoms through three separate HTML notes. Users should ignore the ransoms and recover from any secured backup, if possible, while having their favored security solution remove the REDROMAN Ransomware from their computer.
A Program Streaked Red with the Blood of Captured Files
File-locking Trojans outside of Ransomware-as-a-Services are, frequently, less secure than their RaaS counterparts. However, this comes with a trade-off for any victims, who also face more possibilities in these independents' attacks. For the REDROMAN Ransomware, an up-and-coming file-locker Trojan in the wild, those dangers include even more than tampering with media files.
Like most file-locking Trojans, the main thrust of the REDROMAN Ransomware's payload is the encryption of documents, pictures, and similar media. It blocks them with an unknown encryption algorithm before adding its 'REDROMAN' extension, without any other ransoming information, into their names. With the sabotage done, the Trojan also drops three HTML ransom notes for selling its unlocking help, which it benignly describes as a file-cleaning service, at a rate of 200 USD in Bitcoins.
In another similarity with past threats, malware experts find the REDROMAN Ransomware conducting other actions that a victim is unlikely to notice immediately. It deletes the Shadow Volume Copies or the Restore Points, resizes the Shadow Storage as an additional precaution against data recovery, and, unusually, adds an admin profile for the threat actor with the Windows net.exe tool. The latter could be a backdoor for further attacks.
Cleaning the Crimson Out of Important Files
The point behind the multiple ransom notes isn't known to malware experts; most file-locker Trojans deliver messages in different formats or may create exact copies in numerous directories. The REDROMAN Ransomware's use of the same formatting but different names and locations for its extortion is an unusual quirk that can, like its extension and other features, help with identifying it. Still, users should have backups on other systems or devices for recovering their files after any attacks.
Due to its network-related features, malware analysts also recommend disconnecting from the internet while dealing with the REDROMAN Ransomware infections. Further development of the REDROMAN Ransomware may provide more fleshed-out backdoor features that could help attackers remotely assert control over the PC. Its distribution model and any installation exploits are unknown, but the threat can run on most versions of the Windows operating system.
Users should always entrust a credible PC security program with removing the REDROMAN Ransomware and disinfecting their computers. Doing so doesn't unlock files but will restore sufficient safety for proceeding with advanced Shadow Copy recovery strategies and other solutions.
Although the REDROMAN Ransomware hasn't made any Bitcoins from its attacks, files can stay blocked, whether ransoms are paid or unpaid. Furthermore, its interest in negatively tweaking network settings might make the REDROMAN Ransomware a particular danger to business and home networks; however, only time will tell.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.