Redeemer 2.0 Ransomware Back with a Vengeance
Redeemer 2.0 is the name of the updated version of the previously released Redeemer ransomware strain.
Redeemer 2.0 does a couple of things differently from other ransomware variants, but at its core, it's business as usual - most files on the system get encrypted and rendered unusable. The ransomware will encrypt most media, archive, document and database file extensions.
Upon encryption, files receive a new ".redeem" extension appended after their original one. The ransomware also changes Windows settings to assign a new icon to the ".redeem" extension, so every encrypted file looks the same, bearing an icon with a stylized horned skull on it and the name "Redeemer".
The ransom note is handled a bit differently too - in addition to generating a text file named "Read Me.TXT", the ransomware also displays the full note on system boot, before the Windows login screen.
The full ransom note is as follows:
[Stylized ASCII text with Redeemer logo]
Made by Cerebrate - Dread Forums TOR
[-]
[Q1] What happened, I cannot open my files and they have changed their extension?
[A1] Your files have been encrypted by Redeemer, a Darknet ransomware operation.
[Q2] Is there any way to recover my files?
[A2] Yes, you can recover your files. This will however cost you money in XMR (Monero).
[Q3] Is there any way to recover my files without paying?
[A3] Without paying it is impossible your files.
Redeemer uses most secure algorithms and a sophisticated encryption scheme which guarantees security.
Without a proper key, you will never regain access to your files.
[Q4] What is XMR (Monero)?
[A4] It is a privacy oriented cryptocurrency.
You can learn more about Monero on getmonero.org.
You can view ways to purchase it on www.monero.how/how-to-buy-monero.
[Q5] How will I decrypt my files?
[A5] Follow the general instructions:
-1. Buy 10 XMR.
-2. Contact:
the following email: - OR
the following email: -
After you established contact send the following key:
-----BEGIN REDEEMER PUBLIC KEY-----
-
-----END REDEEMER PUBLIC KEY-----
-3. You will receive an XMR address where you will need to pay the requested amount of Monero.
-4. After you pay and the payment is verified, you will receive a decryption tool and a key which will restore all your files and your computer back to normal.
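The file-system indicators described in this article (the appended ".redeem" extension, the "Read Me.TXT" note, and the key block inside the note) can be collected during triage with a short script. The following is an added example, not code from the original article or from the malware; the function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

ENC_SUFFIX = ".redeem"     # extension the article says is appended to encrypted files
NOTE_NAME = "read me.txt"  # ransom note name from the article, compared case-insensitively
KEY_BLOCK = re.compile(
    r"-----BEGIN REDEEMER PUBLIC KEY-----\s*(.*?)\s*-----END REDEEMER PUBLIC KEY-----",
    re.DOTALL,
)

def triage(root):
    """Walk root and summarise the Redeemer 2.0 file-system indicators found."""
    report = {"encrypted": [], "notes": [], "key_blocks": set(), "orig_exts": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                original = name[: -len(ENC_SUFFIX)]  # name before the suffix was appended
                report["encrypted"].append((path, original))
                report["orig_exts"][os.path.splitext(original)[1].lower()] += 1
            elif lower == NOTE_NAME:
                report["notes"].append(path)
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    for m in KEY_BLOCK.finditer(fh.read()):
                        report["key_blocks"].add(m.group(1).strip())  # preserve as evidence
    return report

def build_sample_tree(root):
    """Constructed sample data: a tiny directory tree resembling an affected host."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/budget.xlsx.redeem", "docs/photo.jpg.redeem", "docs/notes.txt"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed")
    note = ("[A5] Follow the general instructions:\n"
            "-----BEGIN REDEEMER PUBLIC KEY-----\nCONSTRUCTED-SAMPLE-KEY\n"
            "-----END REDEEMER PUBLIC KEY-----\n")
    with open(os.path.join(root, "Read Me.TXT"), "w", encoding="utf-8") as fh:
        fh.write(note)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted files;", len(result["notes"]), "note(s)")
        print("original extensions:", dict(result["orig_exts"]))
        print("key blocks to preserve:", sorted(result["key_blocks"]))
```

The count of original extensions gives a quick picture of which data types were hit, and the extracted key block should be kept with the incident evidence since the note ties decryption to it.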