Redeemer 2.0 Ransomware Back with a Vengeance

ransomware

Redeemer 2.0 is the name of the updated version of the previously released Redeemer ransomware strain.

Redeemer 2.0 does a couple of things differently from other ransomware variants, but at its core, it's business as usual - most files on the system get encrypted and turned useless. The ransomware will encrypt most media, archive, document and database file extensions.

Upon encryption, files receive a new ".redeem" extension appended past their old one. In addition to this change, the ransomware makes changes to Windows settings and assigns a new icon for the new ".redeem" extension, so every single encrypted file will look the same, now bearing an icon with a stylized horned skull on it and the name "Redeemer".

The ransom note is handled a bit differently too - in addition to generating a text file named "Read Me.TXT", the ransomware also displays the full note on system boot, before the Windows login screen.

The full ransom note is as follows:

[Stylized ASCII text with Redeemer logo]

Made by Cerebrate - Dread Forums TOR

[-]

[Q1] What happened, I cannot open my files and they have changed their extension?

[A1] Your files have been encrypted by Redeemer, a Darknet ransomware operation.

[Q2] Is there any way to recover my files?

[A2] Yes, you can recover your files. This will however cost you money in XMR (Monero).

[Q3] Is there any way to recover my files without paying?

[A3] Without paying it is impossible your files.

Redeemer uses most secure algorithms and a sophisticated encryption scheme which guarantees security.

Without a proper key, you will never regain access to your files.

[Q4] What is XMR (Monero)?

[A4] It is a privacy oriented cryptocurrency.

You can learn more about Monero on getmonero.org.

You can view ways to purchase it on www.monero.how/how-to-buy-monero.

[Q5] How will I decrypt my files?

[A5] Follow the general instructions:

-1. Buy 10 XMR.

-2. Contact:

        the following email: - OR

        the following email: -

After you established contact send the following key:

-----BEGIN REDEEMER PUBLIC KEY-----

-

-----END REDEEMER PUBLIC KEY-----

-3. You will receive an XMR address where you will need to pay the requested amount of Monero.

-4. After you pay and the payment is verified, you will receive a decryption tool and a key which will restore all your files and your computer back to normal.

July 29, 2022