RedEngine Ransomware
A new strain of file-encrypting malware has been spotted by security researchers. It belongs to the Chaos family of ransomware and has been named RedEngine.
RedEngine behaves much like other Chaos clones: it encrypts the contents of files, leaving them unreadable, and then appends a random four-character alphanumeric string as an additional extension after the original one.
For example, a file named "picture.jpg" would be renamed to something like "picture.jpg.8xj6".
The ransom note is dropped as a plain-text file named "read_it.txt" and reads as follows:
Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
dm me RedEngine#2058
Obtain XMR (You have to pay for decryption in XMR.
After payment we will send you the tool that will decrypt all your files.)
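The two artifacts the article describes, a second four-character alphanumeric extension appended after the original one and a "read_it.txt" note carrying the Discord handle, are enough to build a quick triage script for a suspect share. The script below is an added example written for this page, not code from the researchers or from the Chaos builder. It walks a directory tree, picks out file names shaped like "picture.jpg.8xj6", confirms that their contents look like ciphertext with a byte-entropy check, and flags any "read_it.txt" whose text contains the markers quoted above. The sample directory it builds is constructed here for the demo; the file names, the entropy threshold of 7.0 bits per byte and the helper names are assumptions, not indicators taken from a real infection.

```python
import math
import random
import re
import tempfile
from pathlib import Path

# Indicators from the article: a note named read_it.txt that names the
# Discord handle, and a random 4-character alphanumeric tag appended as a
# new extension after the original one ("picture.jpg" -> "picture.jpg.8xj6").
NOTE_NAME = "read_it.txt"
NOTE_MARKERS = ("RedEngine#2058", "you can return all your files")
# <anything>.<original ext, 1-5 alnum>.<4 alnum tag>
EXT_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<tag>[A-Za-z0-9]{4})$")


def split_encrypted_name(name):
    """Return (original_name, appended_tag) if NAME is shaped like
    'picture.jpg.8xj6', else None. Name shape alone is weak evidence:
    'my.notes.json' also matches, so callers must check the content too."""
    m = EXT_RE.match(name)
    if not m:
        return None
    return m.group("orig"), m.group("tag")


def shannon_entropy(data):
    """Bits per byte of DATA. Ciphertext or random bytes sit close to 8.0;
    text, JSON and most source files sit well below 6.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(root, min_entropy=7.0):
    """Walk ROOT and return suspected encrypted files and ransom notes.
    A file is reported only when both its name matches the appended-tag
    pattern and its bytes look random (entropy >= MIN_ENTROPY, an assumed
    threshold). Notes are reported when they carry one of the markers."""
    root = Path(root)
    encrypted, notes = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == NOTE_NAME:
            text = path.read_text(errors="replace")
            if any(marker in text for marker in NOTE_MARKERS):
                notes.append(str(path))
            continue
        parts = split_encrypted_name(path.name)
        if parts is None:
            continue
        if shannon_entropy(path.read_bytes()) >= min_entropy:
            encrypted.append((str(path), parts[0], parts[1]))
    return {"encrypted": encrypted, "notes": notes}


def build_sample_tree(root):
    """Write a constructed, post-infection directory layout for the demo.
    Every file and its contents are made up here; nothing is copied from
    a real incident. Random bytes stand in for ciphertext."""
    root = Path(root)
    rng = random.Random(1)  # fixed seed so the demo is repeatable
    junk = bytes(rng.getrandbits(8) for _ in range(4096))
    (root / "picture.jpg.8xj6").write_bytes(junk)
    (root / "budget.xlsx.k2Qz").write_bytes(junk[::-1])
    (root / "docs").mkdir()
    (root / "docs" / "contract.pdf.Ab3x").write_bytes(junk[100:])
    # Two files that must NOT be flagged: one matches the name shape but is
    # plain JSON, the other has an ordinary name.
    (root / "my.notes.json").write_text('{"todo": ["call dentist", "rotate keys"]}\n')
    (root / "readme.txt").write_text("plain file, untouched\n")
    # Note text reproduced from the ransom note quoted in the article.
    (root / NOTE_NAME).write_text(
        "Don't worry, you can return all your files!\n"
        "dm me RedEngine#2058\n"
    )


def demo():
    """Build the constructed tree in a temp directory and triage it."""
    root = Path(tempfile.mkdtemp(prefix="redengine_demo_"))
    build_sample_tree(root)
    return triage(root)


if __name__ == "__main__":
    result = demo()
    for path, original, tag in result["encrypted"]:
        print(f"encrypted: {path}  (was {original}, tag {tag})")
    for path in result["notes"]:
        print(f"ransom note: {path}")
```

Treat the output as a triage list, not a verdict. Legitimate extensions such as .docx, .json and .html are also four alphanumeric characters, so a name like "my.notes.json" matches the pattern; the entropy gate removes most of those, but compressed formats (Office documents, archives, media) are high-entropy by nature and can still slip through. The presence of the note alongside the renamed files is the stronger signal, and the original extension recovered from each name is what you need when planning restoration from backup.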
Using a Discord account as the point of contact is an unconventional move for a ransomware actor, as Discord is neither a secure nor a discreet place to conduct criminal business.
The note names no specific ransom amount, only that payment is to be made in Monero (XMR); the operator apparently expects victims to make contact over Discord and negotiate there.