REDCryptoApp ransomware locks files
REDCryptoApp is malware whose purpose is to encrypt data and demand payment for decryption, which is why it is classified as ransomware. When we ran a sample of this malware on our test system, it successfully encrypted files and appended the ".REDCryptoApp" extension to their file names.
For example, a file originally named "1.jpg" appears as "1.jpg.REDCryptoApp", "2.png" becomes "2.png.REDCryptoApp", and so on. Once the encryption process finishes, a ransom note named "HOW_TO_RESTORE_FILES.REDCryptoApp.txt" is dropped.
The REDCryptoApp ransom note claims that the victim's network has been breached. It explains that files were encrypted during the attack and that private data was stolen. To decrypt the files and prevent the downloaded content from being leaked, the victim must pay a ransom. Before paying, the victim may test the decryption capability on a few encrypted files. The note ends with stern warnings.
REDCryptoApp uses a lengthy ransom note
The full text of the REDCryptoApp ransom note reads as follows:
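As an added example that is not part of the original page, the following read-only Python triage script walks a directory tree and reports the two indicators described above: files carrying the appended ".REDCryptoApp" extension and directories holding the "HOW_TO_RESTORE_FILES.REDCryptoApp.txt" note. The sample directory layout it builds is constructed here purely for illustration (it contains placeholder bytes, not output of the malware), and the script never renames or modifies anything, so it can be run on a suspected host without disturbing evidence.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the page: the appended extension and the ransom-note filename.
RANSOM_EXT = ".REDCryptoApp"
RANSOM_NOTE = "HOW_TO_RESTORE_FILES.REDCryptoApp.txt"


def scan_tree(root):
    """Walk `root` and collect REDCryptoApp indicators without touching any file.

    Returns a dict with the encrypted file paths, the directories that hold a
    ransom note, the original names recovered (for reporting only) by stripping
    the appended extension, and a count of original file types affected.
    """
    root = Path(root)
    encrypted = []
    note_dirs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name == RANSOM_NOTE:
                note_dirs.append(str(path.parent))
            elif name.endswith(RANSOM_EXT):
                encrypted.append(str(path))
    # Strip the suffix in memory only; the files on disk are left untouched.
    originals = [p[: -len(RANSOM_EXT)] for p in encrypted]
    by_type = Counter(Path(o).suffix.lower() or "<none>" for o in originals)
    return {
        "encrypted": sorted(encrypted),
        "note_dirs": sorted(set(note_dirs)),
        "originals": sorted(originals),
        "by_type": dict(by_type),
    }


def build_sample_tree(base):
    """Create a constructed directory layout mirroring the page's description
    (1.jpg -> 1.jpg.REDCryptoApp, 2.png -> 2.png.REDCryptoApp, plus the note).

    The contents are placeholder bytes; no encryption is performed here.
    """
    base = Path(base)
    docs = base / "docs"
    docs.mkdir(parents=True, exist_ok=True)
    (docs / ("1.jpg" + RANSOM_EXT)).write_bytes(b"\x00" * 16)
    (docs / ("2.png" + RANSOM_EXT)).write_bytes(b"\x00" * 16)
    (docs / RANSOM_NOTE).write_text("Attention!\n")
    (base / "untouched.txt").write_text("fine\n")
    return str(base)


def demo():
    """Build the constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    report = demo()
    print(f"{len(report['encrypted'])} encrypted file(s) found")
    print(f"ransom note present in: {report['note_dirs']}")
    print(f"affected original types: {report['by_type']}")
```

Point `scan_tree()` at a mounted image or a share to get a quick picture of scope (how many files, which types, which directories the note landed in); the per-type counter is useful for prioritising restoration from backups, and the untouched-file check confirms the script reports only the page's indicators.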
Attention!
What happened?
We hacked your network and safely encrypted all of your files, documents, photos, databases, and other important data with reliable algorithms.
You cannot access your files right now, But do not worry You can get it back! It is easy to recover in a few steps.
We have also downloaded a lot of your private data from your network, so in case of not contacting us these data will be release publicly.
Everyone has a job and we have our jobs too, there is nothing personal issue here so just follow our instruction and you will be ok.
Right now the key of your network is in our hand now and you have to pay for that.
Plus, by paying us, you will get your key and your data will be earse from our storages and if you want you can get advise from us too, in order to make your network more than secure before.
How to contact us and get my files back?
The only method to decrypt your files and be safe from data leakage is to purchase a unique private key which is securely stored in our servers.
To contact us and purchase the key you have to get to the link below :
Onion Link : -
Hash ID : -
Important : This is a unique link and hash for your network so don't share these with anyone and keep it safe.
How to get access to the Onion link ?
Simple :
1- Download Tor Browser and install it. (Official Tor Website : torproject.org)
2- Open Tor Browser and connect to it.
3- After the Connection, Enter the Onion Link and use your Hash ID to login to your panel.
What about guarantees?
We understand your stress and worry.
So you have a FREE opportunity to test a service by instantly decrypting for free some small files from your network.
after the payment we will help you until you get your network back to normal and be satesfy.
Dear System Administrators,
Do not think that you can handle it by yourself.
By hiding the fact of the breach you will be eventually fired and sometimes even sued.
Just trust us we've seen that a lot before.
Follow the guidelines below to avoid losing your data:
Important
Do not modify or rename encrypted files. You will lose them.
Do not report to the Police, FBI, EDR, AV's, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything.
Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are smarter than us and they can trick us, but it is not. They usually fail. So speak for yourself.
Do not reject to purchase, Exfiltrated files will be publicly disclosed.
Important
How does ransomware like REDCryptoApp infect your system?
Ransomware such as REDCryptoApp can infect your system in a variety of ways, including:
Phishing emails: Attackers often spread ransomware through phishing emails that contain malicious attachments or links. These emails may look legitimate and trick the recipient into opening the attachment or clicking the link, which then downloads and executes the ransomware.
Malicious websites: Visiting compromised or malicious websites can also lead to a ransomware infection. Such sites may exploit vulnerabilities in your browser or its plugins to download and install ransomware on your system without your knowledge.
Exploitation of software vulnerabilities: Ransomware can exploit vulnerabilities in software applications or operating systems. Attackers use these flaws on unpatched systems to gain a foothold and deliver the ransomware payload.
Malvertising: Malicious advertisements (malvertising) can spread ransomware once a user clicks on them. Such ads may appear on legitimate websites and exploit vulnerabilities in web browsers or plugins to download and install ransomware on your system.
Remote Desktop Protocol (RDP) attacks: Attackers may exploit weak or default passwords on Remote Desktop Protocol (RDP) connections to gain unauthorized access to a system. Once inside, they can deploy ransomware directly on the compromised system or network.
Downloading software from untrusted sources: Downloading software from untrusted or pirated sources increases the risk of ransomware infection. Attackers may disguise ransomware as legitimate software to trick users into downloading and executing the malicious program.
To prevent ransomware infections, keep antivirus software up to date, patch software and operating systems regularly, be cautious when opening email attachments or clicking links, and avoid downloading software from untrusted sources. In addition, applying security best practices such as strong passwords and multi-factor authentication can help reduce the risk of a ransomware attack.