Initial Investigation Report on Red Alert Ransomware
Another ransomware built on the open-source HiddenTear project has been found in the wild and is being called Red Alert Ransomware. The authors appear to be experienced malware developers. The ransomware encrypts the victim's files on local disks, removable drives and mapped network drives with AES, generating an encryption key for each infected machine. When encryption is finished, Red Alert Ransomware connects to its command-and-control (C&C) server and uploads data about the victim, including that key. AES is a symmetric cipher, so the same per-machine key is needed to decrypt the files; without it, the encrypted files cannot be recovered by attacking the cipher itself. That said, HiddenTear's key generation has turned out to be weak in several derived families and free decryptors have been published for some of them, so checking whether a decryptor covers this variant is worth doing before anything else.
Security experts advise against contacting the operators or paying the ransom: there is no guarantee a working key will be delivered, and any contact gives the attackers another chance to steal your credentials and break into your accounts. Instead, try to restore files from other sources first: Volume Shadow Copies (for example via ShadowExplorer), a System Restore point, or offline backups. Note that Red Alert Ransomware appends the '.locked' extension to every file it encrypts, leaving them unusable, and drops a ransom note named 'message.txt' on the desktop and in every folder that contains encrypted files.
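As an added example (not code from the original article, and not code from the ransomware's authors), the following Python script shows how an incident responder could scope an infection using the two indicators described above: files carrying the '.locked' extension and 'message.txt' ransom notes. It walks a directory tree, counts and locates both, measures the byte entropy of the '.locked' files to confirm that they actually look like ciphertext rather than merely renamed plaintext, and records the earliest modification time as a rough marker for when encryption started. The sample directory it builds is constructed for the demonstration, and the 7.0 bits-per-byte entropy threshold is an assumption, not something the article states.

```python
"""Triage scanner for a Red Alert / HiddenTear-style infection.

Added example, not code from the original article. It walks a directory
tree, collects the indicators the article describes (a '.locked' extension
on encrypted files and a 'message.txt' ransom note dropped beside them),
checks that the '.locked' files really look encrypted by measuring their
byte entropy, and reports the earliest modification time as a rough
start-of-encryption marker. The indicator names come from the article;
the entropy threshold is an assumption chosen for this example.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".locked"      # extension appended by the ransomware (from the article)
NOTE_NAME = "message.txt"   # ransom note file name (from the article)
ENTROPY_THRESHOLD = 7.0     # bits/byte; AES ciphertext sits close to 8.0 (assumed cut-off)


def shannon_entropy(data: bytes) -> float:
    """Return Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root) -> dict:
    """Scan a directory tree for the ransomware's indicators and summarise them."""
    root = Path(root)
    locked, low_entropy, notes = [], [], []
    earliest = None
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == NOTE_NAME:
            notes.append(path)
            continue
        if path.suffix.lower() == LOCKED_EXT:
            locked.append(path)
            mtime = path.stat().st_mtime
            earliest = mtime if earliest is None else min(earliest, mtime)
            # The first 64 KiB is enough to judge. Compressed plaintext also scores
            # high, so a high score means 'consistent with encryption', not proof.
            if shannon_entropy(path.read_bytes()[:65536]) < ENTROPY_THRESHOLD:
                low_entropy.append(path)
    return {
        "locked_count": len(locked),
        "note_count": len(notes),
        "affected_dirs": sorted({str(p.parent.relative_to(root)) for p in locked}),
        "dirs_with_note": sorted({str(p.parent.relative_to(root)) for p in notes}),
        "suspicious_low_entropy": sorted(str(p.relative_to(root)) for p in low_entropy),
        "earliest_mtime": earliest,
    }


def build_sample_tree(base) -> Path:
    """Constructed sample data standing in for an infected user profile."""
    base = Path(base)
    docs, pics, desk = base / "Documents", base / "Pictures", base / "Desktop"
    for d in (docs, pics, desk):
        d.mkdir(parents=True, exist_ok=True)
    # Random bytes stand in for AES ciphertext produced by the ransomware.
    (docs / "report.docx.locked").write_bytes(os.urandom(4096))
    (pics / "holiday.jpg.locked").write_bytes(os.urandom(4096))
    # Ransom notes dropped on the desktop and beside encrypted files.
    (desk / NOTE_NAME).write_text("YOUR FILES HAS BEEN BLOCKED\n")
    (docs / NOTE_NAME).write_text("YOUR FILES HAS BEEN BLOCKED\n")
    # An untouched file and a file merely renamed to '.locked' (still plaintext).
    (pics / "notes.txt").write_text("untouched plaintext\n")
    (pics / "fake.txt.locked").write_bytes(b"A" * 4096)
    return base


def demo() -> dict:
    """Build the constructed tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

High entropy only says a file is consistent with encryption (JPEG, DOCX and other compressed formats score high as well), so the check is there to flag outliers such as a '.locked' file that is still plaintext, not to prove that AES was used. Point `triage()` at a real profile path in place of the constructed tree, and on a live case run it from a clean host against a read-only mounted image so the scan itself does not touch access times.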
The ransom note reads as follows (quoted verbatim, including its grammar):
“YOUR FILES HAS BEEN BLOCKED
All Your Files Has been Blocked !!!
To you unlock the files access “MESSAGE” file and follow the instructions or we will delete ALL your personal archives.
YOUR FILES HAS BEEN BLOCKED”
The ransom note does not state a ransom amount, but according to victim reports Red Alert Ransomware targets English-speaking users and demands around 1500 USD in Bitcoin for the decryption key. There is no guarantee that a key delivered after payment will work, so relying on the operators' promises can be a costly mistake.
Reasons Behind a Successful Red Alert Ransomware Attack
Most infections trace back to a Windows machine with no effective antivirus, or with security software that has not been updated or licensed in a long time. In either case Red Alert Ransomware can get in through fake software updates, trojanized software, malicious email attachments that the user runs, or over unsecured wireless networks. Exploit kits and malicious script files now play a large role in ransomware distribution. Keeping antivirus licensed and up to date, together with regular offline backups, greatly reduces the chance that a threat like Red Alert Ransomware gets a foothold.
With that background, you can proceed to remove Red Alert Ransomware from your Windows machine.