The latest variant of the free-to-use Redeemer ransomware builder, promoted by a threat actor on hacker forums, provides unskilled threat actors with easy access to encryption-backed extortion attacks.
 

Redeemer ransomware features

The new variant is written entirely in C++, has a medium AV detection rate along with multi-threaded performance, and is compatible with Windows Vista, 7, 8, and 11.
  • Unlike RaaS operations, anyone can download and use the ransomware builder to launch their own attacks.
  • There is a new graphical user interface for the affiliate to build the ransomware executable and decryption tool.
  • Additions in Redeemer 2.0 include support for GUI tools and communication options such as XMPP and Tox Chat.
  • The variant has a campaign ID tracking system that lets threat actors track multiple attacks at once.

What happens once a victim agrees to pay a ransom?

If the victim decides to pay the ransom, the author will get 20% of the fees.
  • The author's cut is guaranteed, and the affiliate has no control over it, because the ransom amount is set when the ransomware is built and corresponds to a specific ID.
  • Once the ransom is paid, the author shares the master key to be combined with the private build key held by the affiliate for decryption.
  • The author also created a page on the dark web site Dread for affiliates to acquire the kit, establish communication, access instructions, and receive support to carry out a successful attack.

Open threat

The author has threatened to make the project's source code public if they lose interest, which makes the Redeemer 2.0 project risky. Something similar occurred with Redeemer 1.0 back in June 2021.

Publisher: Cyware