Yet another new ransomware family has drawn the attention of security researchers. Named Redeemer, it is being actively promoted by a threat actor known as Cerebrate on the cybercrime forum Dread.

When was it first discovered?

  • Redeemer ransomware was first discovered in June 2021 and has since been released in four versions: 1.0, 1.5, 1.7, and 2.0.
  • According to researchers from Cloudsek, these versions were released over a period of time, starting in September 2021.
  • All four versions are written in C++; the most significant changes between versions are in the file-encryption routine.

How does it operate?

  • The ransomware is distributed with a builder and a decrypter executable. Once executed, Redeemer copies itself under the name of a system executable and creates a hidden folder in the Windows directory.
  • It terminates running processes and executables that could interfere with the encryption routine, such as ones holding target files open. Files are encrypted with a combination of AES-256 and RSA, the hybrid pattern typical of ransomware in which a symmetric key encrypts file contents and RSA protects that symmetric key.
  • It also modifies a Winlogon registry value (under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) so that the ransom note is displayed.
  • Opening an encrypted file presents a ReadMe.TXT file containing the ransom note.
  • To decrypt their files, victims are told to pay the ransom in Monero.
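
As an added illustration of the detection opportunity these behaviours create (this is example code written for this page, not code from the article or from Cloudsek's analysis), the following Python scans constructed Sysmon-style JSON events for two of the indicators above: a write to a Winlogon registry value by a binary that sits under C:\Windows but outside the normal system directories (the self-copy named after a system executable), and a ReadMe.TXT dropped by the same kind of binary. The article does not say which Winlogon value Redeemer sets, so the watched value names, the directory allow-list, and the sample events are all assumptions made for the example.

```python
import json
import ntpath

# Constructed Sysmon-style events (JSON lines). These are made up for the
# example and are NOT telemetry captured from a Redeemer sample.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Windows\\Fonts\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\LegalNoticeText", "Details": "Your files have been encrypted. Read ReadMe.TXT"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Run\\OneDrive", "Details": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"}
{"EventID": 11, "Image": "C:\\Windows\\Fonts\\svchost.exe", "TargetFilename": "C:\\Users\\alice\\Documents\\ReadMe.TXT"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\gpupdate.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "Details": "Authorised use only"}
"""

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Winlogon values commonly abused to show text at logon or hijack the logon chain.
# The article does not say which value Redeemer writes, so this set is an assumption.
WATCHED_VALUES = {"legalnoticecaption", "legalnoticetext", "shell", "userinit"}
# Directories where Windows binaries normally live (assumed allow-list for the example).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
# A few binaries that legitimately sit directly in C:\Windows (not exhaustive).
KNOWN_ROOT_BINARIES = {"c:\\windows\\explorer.exe", "c:\\windows\\regedit.exe", "c:\\windows\\notepad.exe"}


def image_is_masquerading(image: str) -> bool:
    """True when an executable lives under C:\\Windows but outside the directories
    system binaries normally occupy: the 'copy of itself named like a system
    executable in a new folder under Windows' pattern the article describes."""
    p = image.lower()
    if not p.startswith("c:\\windows\\"):
        return False
    if p in KNOWN_ROOT_BINARIES or p.startswith(SYSTEM_DIRS):
        return False
    return True


def classify(event: dict):
    """Return (severity, reason) for one event, or None if it is uninteresting."""
    image = event.get("Image", "")
    masq = image_is_masquerading(image)
    if event.get("EventID") == 13:  # RegistryValueSet
        key, _, value = event.get("TargetObject", "").rpartition("\\")
        if key.lower() == WINLOGON_KEY.lower() and value.lower() in WATCHED_VALUES:
            if masq:
                return ("high", f"Winlogon\\{value} set by masquerading binary {image}")
            # Group Policy and admin tooling legitimately write the legal-notice
            # values from System32 processes, so this is a triage item, not a page-out.
            return ("review", f"Winlogon\\{value} changed by {image}")
    elif event.get("EventID") == 11:  # FileCreate
        fname = event.get("TargetFilename", "")
        if ntpath.basename(fname).lower() == "readme.txt" and masq:
            return ("high", f"possible ransom note {fname} dropped by {image}")
    return None


def scan(jsonl: str):
    """Run classify() over every JSON line and collect the findings in order."""
    findings = []
    for line in jsonl.strip().splitlines():
        line = line.strip()
        if line:
            verdict = classify(json.loads(line))
            if verdict:
                findings.append(verdict)
    return findings


if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```

On the constructed input the scan yields two "high" findings for the copy of svchost.exe living in C:\Windows\Fonts (the Winlogon write and the ReadMe.TXT drop) and one "review" finding for the LegalNoticeCaption change made by gpupdate.exe, which is exactly what a Group Policy logon banner looks like; the Run-key write from the real svchost.exe is ignored. The image-path check is what separates the two cases, and it is the piece worth tuning to your own environment's allow-list.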

Worth noting 

Cerebrate, the actor behind Redeemer, hands over the master decryption key only after receiving a 20% cut of the collected ransom; the affiliate who carried out the attack keeps the remaining 80%. This is an affiliate (ransomware-as-a-service style) arrangement in which Cerebrate retains control of decryption.

Other concerning facts

Researchers have also observed the emergence of cross-platform ransomware families, as threat actors adapt their malware to run on several operating systems at once. Three recently discovered examples are BianLian, RedAlert, and Monster. Cross-platform capability is a significant concern because it lowers the effort an attacker needs to hit multiple operating systems in a single campaign.

Conclusion

The ever-evolving threat landscape shows that threat actors are working round the clock to ensnare more organizations with new and improved ransomware. Organizations and their security teams must therefore track the relevant indicators, such as attack types, modus operandi, and the exploits used, to keep attackers at bay.
Cyware Publisher
