REDCryptoApp ransomware locks files
REDCryptoApp is malicious software designed to encrypt data and demand payment for its decryption, which classifies it as ransomware. When we ran a sample of this malware on a test system, it successfully encrypted files and appended the ".REDCryptoApp" extension to their file names.
For example, a file originally named "1.jpg" now appears as "1.jpg.REDCryptoApp", "2.png" becomes "2.png.REDCryptoApp", and so on. Once the encryption process completes, a ransom note named "HOW_TO_RESTORE_FILES.REDCryptoApp.txt" is dropped on the system.
The message in the REDCryptoApp ransom note asserts that the victim's network has been compromised. It explains that files were encrypted during the attack and that private data was stolen. To decrypt the files and prevent the exfiltrated content from being leaked, the victim is required to pay a ransom. Before making the payment, the victim can test the decryption capability on several encrypted files. The note closes with stern warnings.
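The two artifacts described above (the appended ".REDCryptoApp" suffix and the "HOW_TO_RESTORE_FILES.REDCryptoApp.txt" note) are the indicators an incident responder would sweep a file share for first. The following scanner is an added example written for this article, not code from the original page or from any vendor tool; it builds a constructed post-infection directory layout in a temporary folder, walks it, and reports encrypted files, ransom notes and the directories they touch. The sample file names are constructed for the demonstration.

```python
import os
import posixpath
import tempfile
from pathlib import Path

# Indicators taken from the article: the suffix appended to encrypted
# files and the name of the dropped ransom note.
RANSOM_EXTENSION = ".REDCryptoApp"
RANSOM_NOTE_NAME = "HOW_TO_RESTORE_FILES.REDCryptoApp.txt"


def original_name(file_name):
    """Return the pre-encryption name if file_name carries the REDCryptoApp
    suffix (e.g. '1.jpg.REDCryptoApp' -> '1.jpg'), otherwise None.
    A bare '.REDCryptoApp' with nothing before it is not treated as a hit."""
    if file_name.endswith(RANSOM_EXTENSION) and len(file_name) > len(RANSOM_EXTENSION):
        return file_name[: -len(RANSOM_EXTENSION)]
    return None


def scan_tree(root):
    """Walk root and collect REDCryptoApp indicators.

    Returns a dict with sorted root-relative POSIX paths of encrypted files,
    ransom notes, and the set of directories where either was found."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = Path(os.path.relpath(os.path.join(dirpath, name), root)).as_posix()
            if name == RANSOM_NOTE_NAME:
                notes.append(rel)
            elif original_name(name) is not None:
                encrypted.append(rel)
    affected = {posixpath.dirname(p) for p in encrypted + notes}
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "affected_dirs": sorted(affected),
    }


def build_sample_tree(root):
    """Constructed sample layout mimicking a host after REDCryptoApp ran.
    The 'clean' folder holds decoys that must NOT be reported."""
    layout = {
        "Documents/1.jpg.REDCryptoApp": b"\x00encrypted\x00",
        "Documents/2.png.REDCryptoApp": b"\x00encrypted\x00",
        "Documents/" + RANSOM_NOTE_NAME: b"Attention!\n",
        "Pictures/3.docx.REDCryptoApp": b"\x00encrypted\x00",
        "Pictures/" + RANSOM_NOTE_NAME: b"Attention!\n",
        "clean/readme.txt": b"untouched\n",
        "clean/notes.REDCryptoApp.bak": b"suffix not at the end, not a hit\n",
    }
    for rel, content in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    result = demo()
    for key, values in result.items():
        print(f"{key}:")
        for v in values:
            print(f"  {v}")
```

To run this against a real host, call scan_tree with the mount point or share path instead of demo(); the "affected_dirs" list gives a quick picture of how far the encryption spread, and original_name recovers the pre-encryption names for the restore inventory. The scanner only reads names, never modifies files, in line with the note's own warning that renaming encrypted files can make them unrecoverable.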
REDCryptoApp uses a lengthy ransom note
The full text of the REDCryptoApp ransom note reads as follows:
Attention!
What happened?
We hacked your network and safely encrypted all of your files, documents, photos, databases, and other important data with reliable algorithms.
You cannot access your files right now, But do not worry You can get it back! It is easy to recover in a few steps.
We have also downloaded a lot of your private data from your network, so in case of not contacting us these data will be release publicly.
Everyone has a job and we have our jobs too, there is nothing personal issue here so just follow our instruction and you will be ok.
Right now the key of your network is in our hand now and you have to pay for that.
Plus, by paying us, you will get your key and your data will be earse from our storages and if you want you can get advise from us too, in order to make your network more than secure before.
How to contact us and get my files back?
The only method to decrypt your files and be safe from data leakage is to purchase a unique private key which is securely stored in our servers.
To contact us and purchase the key you have to get to the link below :
Onion Link : -
Hash ID : -
Important : This is a unique link and hash for your network so don't share these with anyone and keep it safe.
How to get access to the Onion link ?
Simple :
1- Download Tor Browser and install it. (Official Tor Website : torproject.org)
2- Open Tor Browser and connect to it.
3- After the Connection, Enter the Onion Link and use your Hash ID to login to your panel.
What about guarantees?
We understand your stress and worry.
So you have a FREE opportunity to test a service by instantly decrypting for free some small files from your network.
after the payment we will help you until you get your network back to normal and be satesfy.
Dear System Administrators,
Do not think that you can handle it by yourself.
By hiding the fact of the breach you will be eventually fired and sometimes even sued.
Just trust us we've seen that a lot before.
Follow the guidelines below to avoid losing your data:
Important
Do not modify or rename encrypted files. You will lose them.
Do not report to the Police, FBI, EDR, AV's, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything.
Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are smarter than us and they can trick us, but it is not. They usually fail. So speak for yourself.
Do not reject to purchase, Exfiltrated files will be publicly disclosed.
Important
How does ransomware like REDCryptoApp infect your system?
Ransomware like REDCryptoApp can infect your system in a number of ways, including:
Phishing emails: Attackers frequently distribute ransomware through phishing emails containing malicious attachments or links. These emails can look legitimate, luring the recipient into opening the attachment or clicking the link, which then downloads and executes the ransomware.
Malicious websites: Visiting compromised or malicious websites can also lead to a ransomware infection. Such sites may exploit vulnerabilities in your browser or its plug-ins to download and install ransomware on your system without your knowledge.
Exploitation of software vulnerabilities: Ransomware can exploit vulnerabilities in software applications or operating systems. Attackers target unpatched systems to deliver the ransomware payload, using those vulnerabilities to penetrate your system.
Malvertising: Clicking on malicious advertisements (malvertising) can spread ransomware. These ads can appear on legitimate websites and exploit vulnerabilities in web browsers or plug-ins to download and install ransomware on your system.
Remote Desktop Protocol (RDP) attacks: Attackers may exploit weak or default passwords on Remote Desktop Protocol (RDP) connections to gain unauthorized access to a system. Once inside, they can deploy the ransomware directly onto the compromised system or network.
Downloading software from untrusted sources: Downloading software from untrusted or pirated sources increases the risk of a ransomware infection. Attackers may disguise ransomware as legitimate software, tricking users into downloading and running the malicious program.
To prevent ransomware infections, keep antivirus software up to date, patch software and operating systems regularly, exercise caution when opening email attachments or clicking links, and avoid downloading software from untrusted sources. In addition, applying security best practices such as strong passwords and multi-factor authentication helps reduce the risk of a ransomware attack.