Redrum Ransomware
The Redrum Ransomware is a file-locking Trojan that can keep media content from opening in its associated programs like Word or Windows Media Playe The Redrum Ransomware also can destroy backup-related data on default Windows features, changes extensions, and leaves behind ransom notes. Users can secure backups appropriately on other systems or storage devices for safety and remove the Redrum Ransomware with a traditional anti-malware program.
Your Trojan Problems Now Come with Free Horror Gags
The theming of a Trojan's campaign is an often-whimsical part of its payload and can have little to no bearing on the problems it causes to one's data security and accessibility. The Redrum Ransomware is an exceptional demo of uniqueness in many regards, with a Stephen King-referencing nametag and other details that separate it from the most-common origins of its ilk. Although it's a file-locking Trojan with multiple victims out in the wild, the Redrum Ransomware isn't part of any previous Ransomware-as-a-Service.
The Redrum Ransomware attacks its victims' media files, such as documents and databases, with the well-worn means of encrypting their data, implanting a 'signature' inside them, and changing their extensions in their names. The extension alteration consists of both the Redrum Ransomware's reference to King's 'The Shining,' an ID and an e-mail – all of which are standardized conventions in a Ransomware-as-a-Service. However, the Redrum Ransomware doesn't use the typical cryptographic attacks of families like the Dharma Ransomware or the Globe Ransomware.
The Redrum Ransomware appends a file marker with a similar 'redrum' reference in files' internal information, instead of using a more generic one that might apply to a family with different extensions. The ransom note that it leaves, in a text format, also is one that is new to malware experts' eyes. The text contains the usual, English-based (but with imperfect grammar) offers of a premium decryptor for Bitcoin payments. The Redrum Ransomware is more generous than usual with its free trials, though, and gives the victim up to five files for unlocking, instead of one or two.
Stopping Your Work from Being Murdered
Although encryption isn't always a permanent affair, for most well-programmed Trojans, it is perfectly-defended against a third party's decryption attempts effectively. Besides using the 'free demo' aspect of the Redrum Ransomware's proceedings, malware researchers encourage setting up backups on other devices that are out of the Redrum Ransomware's scope for affecting. The Redrum Ransomware does, like nearly every Trojan of its classification, destroy the Shadow Volume Copies and similarly-standard, Windows-based backups.
Victims of the Redrum Ransomware have yet to confirm the infection methods. Windows file-locking Trojans may circulate in e-mail attacks with fake attached documents, use 'warez' torrents a la STOP Ransomware, or enjoy the help of browser threats like the Fallout Exploit Kit. Disabling browser scripts, scanning all downloads before opening, and turning off macros are appropriate counters for nearly all users.
Since this Trojan is new, anti-malware solutions may require updates to their databases for identifying and removing the Redrum Ransomware – although they always should be kept as updated as possible for your PC's safety, in any case.
As a newbie in a field that has fierce competition, the Redrum Ransomware is showing itself off aggressively, and with the attitude of an upcoming RaaS. Whether it's the start of a family or something else, its victims should have backups for keeping it from becoming their horror story.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.