Redants Ransomware

Redants Ransomware is yet another infection to emerge from the Hidden-Tear family. Others that belong to it include Fabsyscrypto Ransomware, Hidden-Peach Ransomware, and PayDay Ransomware. All of these threats were built using the same source code, but they might have been created by different parties, which is why some are more “popular” than others. The one we are discussing in this report is completely new, and, based on the development stage it is in, our research team believes that it might not be spread in the wild at all. If it is, there are a few traits that can help you identify this malicious threat. Once you identify the infection, your first instinct might be to remove Redants Ransomware; however, that is not necessarily the best thing. Obviously, this threat is dangerous, and you must delete it, but, first, you need to assess the damage it has caused, and figure out what to do about it. Keep reading to learn more.

Since Redants Ransomware was not distributed at the time or research, it is difficult to say how its developers could choose to spread it. Of course, considering that most ransomware infections are hidden behind harmless-looking spam email attachments, it is quite possible that this threat could be spread in this way as well. All in all, regardless of how this threat is distributed, once it is executed, it initiates the same malicious processes every time. First, it encrypts personal files using the AES (Advanced Encryption Standard) algorithm. As you might have discovered already, this infection encrypts files that are personal and irreplaceable. Now, if your files are backed up, you should have no issues recovering them, but, of course, that is a nuisance still. The encrypted files are given the “.Horas-Bah” extension, and so it is easy to spot them. If your personal files were encrypted by Redants Ransomware, check them out immediately to see whether or not you are in trouble. If you have backups or if the files encrypted by the threat are not really important for you, you are not in trouble. Otherwise, you might find yourself trapped by cyber crooks.

When Redants Ransomware slithers in, it creates only one file – at least, that is what we saw when testing the sample – and it is called “READ_ME.txt”. The purpose of this file, of course, is to introduce you to the instructions regarding the decryption of your files. The file should include an email address using which you are asked to communicate with cyber criminals. If you do, you should receive instructions on how to pay a ransom. If the files encrypted by the ransomware are important, you might want to follow the demands represented to you, but remember that you are dealing with cyber criminals, and they can feed you lies to trick you into doing what is best for them. Obviously, the only reason why Redants Ransomware was created is to generate a profit, and so cyber criminals could promise you anything just to make you pay the ransom. Unfortunately, no one can guarantee that the promises will be kept, and so our research team cannot provide you with an answer regarding what is the best move.

Once you know what you want to do regarding your personal files, you have to delete Redants Ransomware. This infection does not appear to create copies of its malicious launcher, and, as mentioned previously, the only file it creates is the ransom note file. Do you know where the launcher file is? If you have downloaded it yourself, you might be able to locate and delete it yourself. If you are having issues identifying the malicious .exe file, immediately install a trustworthy malware scanner that will find it automatically. Obviously, we advise using anti-malware software to have the threat removed automatically as well, but if you want to proceed manually, you can check out the guide below. Also, remember that our research team is ready to answer all questions regarding the malicious threat. If you have any, post them in the comments section below, and we will try to respond as soon as possible.

Redants Ransomware Removal

1. Right-click the malicious {unknown name}.exe file.
2. Select Delete to eliminate it.
3. Right-click the ransom file called READ_ME.txt (should be located on the Desktop).
4. Select Delete to get rid of it.
5. Empty Recycle Bin.
6. Install a malware scanner to inspect your operating system for leftovers.