Remove EveRed Ransomware

The EveRed Ransomware is another new file-locker, which does not appear to be part of any of the popular ransomware families at the moment. Nevertheless, its attack is still very destructive. It can encrypt a lot of your files, leaving you unable to open them. The threat also marks the names of these files with the extension '.evered.' Typically, this threat goes after files that contain important data – documents, media, archives, backups, etc.

Of course, ransomware operators are almost always looking to get money out of their victims. The EveRed Ransomware is not any different. After completing its attack, it changes the desktop wallpaper to an image that contains a padlock and the text LOCKED.  Victims will also find the file 'readme.txt' on their desktop. It contains a message from the criminals, and reveals their demands and instructions:

  • They ask for a ransom payment of 1 mBTC, which is equal to 0.001 BTC, or about $56.
  • There is no way to contact them, as no email is provided.
  • They do not offer test decryption for any files.
  • The message also has instructions on how to buy Bitcoin.
EveRed Ransomware Ransom Note

We assure you that trusting EveRed Ransomware's creators is a terrible idea. Since the threat does not come with a built-in decryptor, it would be impossible for the decryption process to finish automatically. If you opt to send money to the wallet of the attackers, it is likely that you will get scammed. They do not offer any reason to trust them.

So, how should victims of the EveRed Ransomware proceed? The first and most important task to complete is to run an up-to-date antivirus scanner. This will help discover and eliminate all malicious files in one go. After this has been taken care of, they should try recovering from a backup. If this option is not available to them, then they should look for alternative data recovery methods and tools.

October 12, 2021