Cryptojacking is the latest buzzword in the cybersecurity world, as cybercriminals take advantage of the growing cryptocurrency craze. Before that, ransomware such as WannaCry left no stone unturned in ruining the digital lives of many people.
A new ransomware strain named RedEye has caught the eye of a security researcher, who first discovered the malware back in February. It claims it will destroy the victim’s computer if the payment isn’t made. It’s worth noting that the new strain was created by the author of the Annabelle ransomware.
The researcher’s blog post notes that the infecting file is unusually large for malware: its 35MB size is due to the audio files and images bundled inside it. As for the audio, after infection the ransomware plays three creepy sounds to scare the user.
The binary is also protected with compression and the ConfuserEx obfuscator. It ultimately replaces the MBR and takes several steps to make removal difficult: it hides disk drives, disables Task Manager, and so on.
The ransom note displayed by the binary states that all of the victim’s personal files have been encrypted with the AES-256 algorithm. In reality, the malware overwrites the files with zero bytes.
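That distinction matters to a responder: a file that was really AES-256 encrypted is unrecoverable without the key, whereas a zero-filled file holds nothing to decrypt and can only be restored from backups, so paying would buy nothing. The following triage script, an added example that is not part of the researcher’s post and not RedEye’s own code, separates the two cases by checking whether a file is entirely zero bytes and otherwise measuring its Shannon entropy (genuine ciphertext scores close to 8 bits per byte, ordinary documents far lower). The labels, the 7.5-bit threshold, the 1 MiB sampling cap and the three sample files in `demo()` are assumptions chosen for this example.

```python
"""Ransomware triage helper: were the files encrypted, or just zero-filled?"""
import math
import os
import tempfile
from collections import Counter

# Labels are assumptions for this example, not terms from the original post.
ZERO_FILL = "zero-filled"
HIGH_ENTROPY = "high-entropy"
PLAINTEXT = "plaintext"
EMPTY = "empty"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0. Real ciphertext sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_bytes(data: bytes, threshold: float = 7.5) -> str:
    """Label a buffer the way a responder would during triage.

    The threshold is an assumption: compressed or encrypted content usually
    scores above about 7.5 bits/byte, text and office documents well below.
    """
    if not data:
        return EMPTY
    if data.count(0) == len(data):          # every byte is 0x00: wiped, not encrypted
        return ZERO_FILL
    return HIGH_ENTROPY if shannon_entropy(data) >= threshold else PLAINTEXT


def classify_file(path: str, max_bytes: int = 1 << 20) -> str:
    """Classify a file from its first max_bytes (1 MiB by default, an assumption)."""
    with open(path, "rb") as fh:
        return classify_bytes(fh.read(max_bytes))


def triage_directory(root: str) -> dict:
    """Walk a directory tree and map each file (relative path) to its label."""
    result = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            result[os.path.relpath(path, root)] = classify_file(path)
    return result


def demo() -> dict:
    """Constructed sample set: three files written to a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "report.docx"), "wb") as fh:
            fh.write(b"\x00" * 4096)            # what a zero-fill wipe leaves behind
        with open(os.path.join(tmp, "photo.jpg"), "wb") as fh:
            fh.write(os.urandom(4096))          # stands in for genuinely encrypted data
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"quarterly numbers look fine\n" * 100)   # untouched plaintext
        return triage_directory(tmp)


if __name__ == "__main__":
    for name, label in sorted(demo().items()):
        print(f"{label:13} {name}")
```

Run it against a copy of the affected volume (never the only copy of the evidence) and count the labels: a tree that is overwhelmingly `zero-filled` confirms the files were destroyed rather than encrypted, which settles the recovery question in favour of backups. Entropy alone cannot distinguish ciphertext from compressed formats such as ZIP or JPEG, so the zero-byte check comes first and the entropy label is only a hint for files that were not wiped.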
Naturally, the only way the note offers to get the files back is a payment of 0.1 Bitcoin. “You got 4 days to pay, when the time is up, then your PC will be fully destroyed,” the message reads.
For computers infected by RedEye, the researcher has also described the steps one should take to remove it or recover lost files. You can read the detailed account here.