RedEnergy Stealer Strikes at Industrial Entities

A highly sophisticated ransomware and data-stealing threat named RedEnergy has been identified, targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines through their LinkedIn pages.

According to a recent analysis by Zscaler researchers, this .NET malware possesses the capability to extract sensitive data by stealing information from various web browsers. It incorporates multiple modules to carry out both data theft and ransomware activities. The objective of RedEnergy is to combine data theft and encryption to maximize the damage inflicted on victims.

RedEnergy Mode of Operation

The attack begins with a FakeUpdates (also known as SocGholish) campaign, which tricks users into downloading JavaScript-based malware disguised as web browser updates.

What sets this attack apart is the use of legitimate LinkedIn pages to reach victims. When users click the website links on those LinkedIn pages, they are redirected to a fake landing page that urges them to update their web browser by clicking the matching icon (Google Chrome, Microsoft Edge, Mozilla Firefox, or Opera). Clicking the icon downloads a malicious executable file.

Once a successful breach is achieved, the malicious binary establishes persistence, performs the actual browser update, and deploys a data-stealing component capable of discreetly harvesting sensitive information. It also encrypts the stolen files, putting the victims at risk of data loss, exposure, or potential sale of their valuable data.

Zscaler has observed suspicious interactions occurring through a File Transfer Protocol (FTP) connection, suggesting that valuable data may be exfiltrated to infrastructure controlled by the threat actors.

In the final stage, RedEnergy's ransomware component proceeds to encrypt the user's data, appending the ".FACKOFF!" extension to each encrypted file, deleting existing backups, and leaving a ransom note in each folder.

To regain access to their files, victims are expected to make a payment of 0.005 BTC (approximately $151) to a cryptocurrency wallet mentioned in the ransom note. RedEnergy's ability to function as both a data stealer and ransomware marks an evolution in the cybercrime landscape.
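The encryption stage described above leaves two observable traces on disk: the ".FACKOFF!" extension on every encrypted file and a ransom note in each affected folder. The following triage scan is an added example written for this page, not Zscaler's tooling or RedEnergy code; it walks a directory tree, counts files carrying that extension per folder, and lists the untouched neighbours as candidates for the note, whose file name the report does not give. The sample tree it builds (including the "HOW_TO_RESTORE.txt" stand-in for the note) is constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

# Extension the report says RedEnergy's ransomware appends to each encrypted file.
REDENERGY_EXT = ".FACKOFF!"

def scan_for_redenergy(root):
    """Per directory (relative to root): count of files carrying the RedEnergy extension,
    plus the other files beside them. The report says a ransom note is dropped in every
    encrypted folder but does not name it, so those neighbours are the note candidates."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = [f for f in files if f.lower().endswith(REDENERGY_EXT.lower())]
        if not encrypted:
            continue  # only folders holding encrypted files are of interest
        findings[os.path.relpath(dirpath, root)] = {
            "encrypted": len(encrypted),
            "candidate_notes": sorted(f for f in files if f not in encrypted),
        }
    return findings

def summarize(findings):
    """Totals for a triage headline."""
    return {
        "affected_dirs": len(findings),
        "encrypted_files": sum(v["encrypted"] for v in findings.values()),
    }

def build_sample_tree(base):
    """Constructed sample layout; file names are invented, not real victim data."""
    docs = Path(base) / "Documents"
    docs.mkdir(parents=True)
    (docs / "report.docx.FACKOFF!").write_bytes(b"\x00" * 16)
    (docs / "budget.xlsx.FACKOFF!").write_bytes(b"\x00" * 16)
    (docs / "HOW_TO_RESTORE.txt").write_text("constructed stand-in for the ransom note\n")
    pics = Path(base) / "Pictures"
    pics.mkdir()
    (pics / "holiday.jpg").write_bytes(b"\xff\xd8\xff")  # untouched file

def run_demo():
    """Build the sample tree in a temporary directory, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_redenergy(tmp)
```

Point `scan_for_redenergy` at a user profile or file share to get a per-folder view of how far the encryption stage got before containment.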

July 6, 2023
