Redmat Ransomware is a nasty variant of the STOP File-Encrypting Virus that has recently been discovered. Just like other variants, Redmat has been developed to generate illicit revenue by extorting ransom from the victims.
This clan of the Ransomware is considered as the most wide-spread malware as it uses multiple spread channels & methods. One of the prime distribution methods of Redmat Crypto Virus is Spam E-mail Campaigns.
Once the system is infected, Redmat searches every nook & corner of the system for the targeted files. Upon locating the files, it encrypts them by adding .redmat extension to the file names. Hence, it renders the files unusable to the users.
The files once encrypted by stop redmat Ransomware cannot be restored easily. Decrypting the files need a unique private key that is stored on the hacker’s server.
In order to get the decryption key, the victims are required to pay hefty amount to the hackers as ransom.
Cyber Security analysts have found that paying the ransom doesn’t always yield positive results. On receiving the ransom, hackers often tend to avoid the victims.
|Operating System Impacted||Windows|
|Targeted Browser||Google Chrome, Internet Explorer, Mozilla Firefox|
The variants of the infamous STOP DJVU Ransomware seem a hard cookie for the cyber-security analysts to crack. New variants of STOP Ransomware Family seem to be popping up every now & then.
Redmat Ransomware is one such variant of Stop Ransomware Clan that is infecting a large number of systems across the world at a large scale.
The chief spread methods of redmat crypto-virus infection includes spam e-mail campaigns, online advertising & fake software downloads/updaters.
Upon infecting the system, Redmat searches the victim’s system for targeted files. These may include:
Once targeted files are located, redmat uses highly complex Cryptography methods such as RAS & AES to encrypt the files. The encrypted files are appended by .redmat extension, & hence made inaccessible to the user.
For Example; a file named “spreadsheet.xls” might be renamed as “spreadsheet.xls.redmat”.
Redmat Ransomware is also capable of contacting with its Command & Control Server from the victims system. It downloads & updates additional files on the victim’s PC & strengthens its grip on the system.
The main motive of the Redmat developers is to swindle the innocent users & extort money from them. Once the files are encrypted, a ransom-demanding message in a text format is dropped in every folder containing .redmat files.
The ransom note prompts the user that paying the ransom is the only way to restore the encrypted data. A unique private key, stored at the hacker’s server, is required to restore the data. In order to purchase the decryption key, the victim is required to a handsome amount to the hackers as ransom (in bitcoins).
The Amount demanded by the hackers remains same for all the STOP Ransomware variants ($980 in bitcoins). The note further states that the victims that contact hackers within 72 hours of the encryption can access 50% discount on the ransom amount ($490).
In addition to that, the hackers offer to decrypt one encrypted file free of cost. Users are asked to send any one encrypted file to the hackers via e-mail on firstname.lastname@example.org or email@example.com. The decrypted file is sent then sent back to the victim as a guarantee of decryption.
Please note that these claims are mere tricks to take the users into thinking that the decryption of files is possible.
Fearing to lose the data, many victims often contact hackers & pay the Ransom Amount. However, paying the ransom may not always help in getting the data back. Hackers often avoid responding victims after the amount has been received. This way, the victims lose their data permanently.
Therefore, users are advised to abolish any encouragement to contact hackers & pay the ransom. Be vigilant & do not let the hackers extort money from you.
Backing up data on an external storage device regularly & being careful while using internet may help in preventing Redmat infection.
According to security analysts, hackers behind Redmat Ransomware are employing common internet services for its propagation. These include Spam E-mail Campaigns, Software Downloads & Pop-up Adverts.
Hackers send infected e-mail attachments such as invoices, bills, credit card scores & discount coupons to the targeted devices. The e-mails appear legitimate as these are sent with the names of legit companies such as PayPal or FedEx.
Clicking on these e-mails may install Redmat Ransomware on the user’s PC.
Other spread techniques used by the hackers include:
To restart the system to Safe Mode with Networking, if already switched ON then follow the below steps:
5 Click on the username and enter the password (if any).
Once the system starts, ensure to use an account with administrative privilege to access Safe Mode with Command Prompt.
After the user enters admin credentials, Command prompt window is displayed wherein you are entitled to enter the below commands:
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.