RedProtection Ransomware Demands Payment in Bitcoin


RedProtection was identified by our researchers during their analysis of new file submissions. This form of malware falls under the ransomware category, with the primary intent of encrypting data and demanding payment for its decryption.

When we ran a sample of RedProtection on our test system, it began encrypting files. Each encrypted file was renamed by appending an extension consisting of four random characters. For instance, a file named "1.jpg" became "1.jpg.g525", "2.png" became "2.png.7n45", and so forth.

After encryption completed, the ransomware changed the desktop wallpaper and created a ransom note named "read_it.txt". The wallpaper displayed a message notifying the victim that their data had been encrypted and urging them to contact the attackers within thirty minutes.
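The renaming pattern and note name described above can be checked against a file listing during triage. The Python script below is an added example, not code from our researchers or from the malware; the lowercase-alphanumeric suffix alphabet (inferred from "g525" and "7n45"), the benign-extension list, the min_hits threshold and the sample paths are assumptions or constructed values.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

NOTE_NAME = "read_it.txt"  # ransom note file name given in the article
# Assumption: the appended extension is four lowercase letters or digits, as in
# the article's examples ("1.jpg.g525", "2.png.7n45").
RENAMED = re.compile(r"^.+\.[A-Za-z0-9]{1,5}\.([a-z0-9]{4})$")
# Ordinary four-character extensions that would otherwise match (not exhaustive).
BENIGN = {"docx", "xlsx", "pptx", "json", "html", "jpeg", "tiff", "yaml", "conf"}


def triage(paths, min_hits=2):
    """Return {directory: verdict} for directories showing the reported pattern.

    "high": note present and >= min_hits distinct random-looking suffixes;
    "medium": the suffixes without a note; "low": a note with too few suffixes.
    Suffixes are counted as distinct values because the malware picks a new one
    per file, while many files sharing one suffix look like a normal file type.
    """
    notes = set()
    suffixes = defaultdict(set)
    for raw in paths:
        p = PurePosixPath(raw)  # listing is assumed to use "/" separators
        directory = str(p.parent)
        if p.name.lower() == NOTE_NAME:
            notes.add(directory)
            continue
        m = RENAMED.match(p.name)
        if m and m.group(1) not in BENIGN:
            suffixes[directory].add(m.group(1))
    verdicts = {}
    for directory in notes | set(suffixes):
        if len(suffixes[directory]) >= min_hits:
            verdicts[directory] = "high" if directory in notes else "medium"
        elif directory in notes:
            verdicts[directory] = "low"
    return verdicts


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    "/home/u/Pictures/1.jpg.g525", "/home/u/Pictures/2.png.7n45",
    "/home/u/Pictures/read_it.txt",
    "/home/u/src/a.min.json", "/home/u/src/b.min.json", "/home/u/src/c.tar.gz",
    "/home/u/Docs/q3.xlsx.k9p2", "/home/u/Docs/plan.docx.zz81",
    "/home/u/notes/read_it.txt",
]
```

A "low" or "medium" verdict is a prompt to look closer, not a confirmation, since a file called read_it.txt or a four-character double extension can occur legitimately.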

The ransom message is written in both English and French and states that recovering the encrypted files requires a payment of 0.0061 BTC (Bitcoin). At the time of writing, this amount is worth approximately 200 USD, though exchange rates fluctuate constantly.

The note mentions that the ransom is open to negotiation but must be settled within 24 hours. Failing to pay within the provided deadline will result in the deletion of the decryption key, rendering file recovery impossible.

RedProtection Ransom Note Comes in French and English

The full text of the RedProtection ransom note reads as follows:

Warning! All your files have been encrypted. To regain access to your data, you must pay a ransom of 0.0061 btc (negotiable) in this wallet (17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV) within the next 24 hours.
If you don't pay on time, the decryption key will be destroyed, and your files will be lost forever.
Follow the instructions below to make the payment and recover your data:
contact me on Telegram: hxxps://t.me/RedProtection

Your ID is -

Attention ! Tous vos fichiers ont été cryptés.
Pour récupérer l'accès à vos données, vous devez payer une rançon de 0,0061 btc (négociable) dans l'addresse Bitcoin suivante(17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV) dans dans les prochaines 24 heures.
Si vous ne payez pas à temps, la clé de décryptage sera détruite, et vos fichiers seront perdus à jamais.
Suivez les instructions ci-dessous pour effectuer le paiement et récupérer vos données :
contacte-moi sur Telegram : hxxps://t.me/RedProtection

Votre ID est -

How Can Ransomware Like RedProtection Infect Your Computer?

Ransomware, including threats like RedProtection, can infect your computer through various means. Here are common methods through which ransomware gains access to a system:

  • Phishing Emails: Cybercriminals often use phishing emails to distribute ransomware. These emails may contain malicious attachments or links that, when clicked, download and execute the ransomware on the victim's computer.
  • Malicious Links: Ransomware can be distributed through malicious links on websites, social media, or other online platforms. Clicking on such links may trigger the download and installation of the ransomware without the user's knowledge.
  • Exploiting Software Vulnerabilities: Cybercriminals take advantage of vulnerabilities in software or operating systems to deliver ransomware. It's crucial to keep your software, including antivirus programs and operating systems, up-to-date with the latest security patches to mitigate this risk.
  • Malvertising: Malicious advertising, known as malvertising, involves cybercriminals placing infected ads on legitimate websites. Clicking on these ads can lead to the download and execution of ransomware.
  • Drive-By Downloads: Ransomware can be delivered through "drive-by downloads" where malware is automatically downloaded and installed when a user visits a compromised or malicious website.
November 30, 2023