Redeye Ransomware/Wiper | Another Skid Nightmare | Summary and Q&A

TL;DR

RedEye is a new ransomware that functions more like a wiper than actual ransomware, deleting files instead of encrypting them.

Key Insights

• 👶 RedEye ransomware is still relatively new and has only been detected by a small number of antivirus engines.
• 🌥️ Its large file size suggests it is more for demonstration purposes rather than actual financial gain.
• 💄 RedEye replaces files with empty garbage, making data recovery impossible for victims.
• 🍿 The ransom message threatens to destroy the PC if the ransom is not paid within a specified time frame.
• 🎯 Network drives are not targeted by RedEye, potentially sparing shared files.
• 🥺 The ransomware includes a "destroy PC" button, which leads to the irreparable destruction of the computer.
• 📁 The ransom message includes a Bitcoin address for payment but recovery of files seems unlikely.

Transcript

we have another new ransomware in town isn't that great this one's called redeye I first saw it a couple of days ago and it's still only detected by like 31 out of 67 engines on Mars total so it's fairly new now what's unusual about this is this has a file size of 35 megabytes which is really excessive for ransomware kind of indicates that this is ... Read More

Questions & Answers

Q: How does RedEye differ from traditional ransomware?

RedEye functions more like a wiper as it deletes files instead of encrypting them, making it impossible to recover the data.

Q: Does RedEye affect network drives?

No, RedEye seems to spare network drives and only affects local files on the infected computer.

Q: What happens if the "destroy PC" button is clicked?

Clicking the "destroy PC" button triggers a message saying suicide isn't a solution, but ultimately leads to the irreparable destruction of the PC.

Q: What are the potential legal implications for creating and distributing ransomware?

Creating and distributing ransomware is illegal and can lead to prosecution, even if the intention is not to extort money but to simply destroy systems maliciously.

Summary & Key Takeaways

• RedEye is a recently discovered ransomware that has a large file size of 35 megabytes, suggesting it is more for show than actual financial gain.

• Unlike typical ransomware, RedEye deletes files and replaces them with empty garbage, making data recovery impossible.

• This ransomware has the ability to maximize the volume on the infected computer and displays a ransom message threatening to destroy the PC if the ransom is not paid.