These days, a new ransomware has infected wide range of Windows PC dubbed as RedEye Ransomware which is designed by the same developer who created Jigsaw and ANNABELLE Ransomware and developed by iCoreX hacker. Like others it also created to destroy victim's files and hold them for ransom fee. But the decryption of file is possible at free of cost by following appropriate instruction which is described at the end of this post. So, keep reading this post completely.
Analysis Report of RedEye Ransomware
Name | RedEye Ransomware |
Category | Cryptovirus, Ransomware |
Creator | iCoreX |
Danger Level | High |
Infected Systems | Windows PC |
File Encryption Algorithm | AES-256 |
File Extension | .RedEye |
MD5 | 832090ba6fe32a3c7c36dbd76f270215 |
SHA1 | 804b8e85f38de8b82a961401836ccec5880342e6 |
SHA256 | 1a8b7a6547b743ea01bb0ac057c91228c10dc8f99562ce2b06e25893161776bb |
Compilation timestamp | 2018-05-03 10:04:35 |
Ransom Amount | 0.1 BTC |
Decryption of File | Possible, using Windows Scanner Tool – download it |
Infiltration Methods of RedEye Ransomware
Similar to other ransomware, creators of RedEye Ransomware also uses traditional method known as spam email campaigns. It may easily ends up on your System when you download any infected attachment or dubious messages from your inbox. Besides this, it may also end up on your System when you download any freeware packages, visit any gambling site, use contaminated devices, share file over P2P network etc. The propagation channels of RedEye Ransomware may always varies but bear in your mind that its main source of infiltration is Internet. Therefore, you must be attentive while surfing web.
Attack Vector of RedEye Ransomware
Once RedEye Ransomware successfully attacks Windows PC and compromises Windows user then after it immediately drops a file having 30 MB file size that includes several media files including audio files, images, eBooks, databases, documents, PDFs and many more. This variant of ransomware is mainly the infected file containing 3 .wav files including :
- child.wav
- redeye.wav
- suicide.wav
All .wav files that plays by RedEye Ransomware sound creepy. The primary objective of its files to scare innocent users. Once it starts to execute its malicious process, it immediately disable that task manage and hide itself into your drives. It is known to use AES-256 file encryption algorithm to perform the encryption procedure. Once performing the successful encryption procedure, it displays a ransom note containing detailed information about RedEye Ransomware attack. By displaying ransom note, its developers asks victims to pay 0.1 BTC.
Don't Trust on Ransom Note Displayed By RedEye Ransomware
Once seeing ransom message, most of the System users decided to pay the ransom demanded fee. If you are also one of them then you must know that it is one of your bad decision forever because like other ransomware its creators also doesn't deliver you any decryption key even paying large sum of the ransom fee. Ransom note is nothing than a tricky medium through which it tricked more and more Windows users into paying only ransom fee and encouraging cyber criminals. Therefore, security experts are strictly advised users to get rid of RedEye Ransomware from infected PC.
Free Scan your Windows PC to detect RedEye Ransomware
Remove RedEye Ransomware From Your PC
Step 1: Remove RedEye Ransomware in Safe Mode with Command Prompt
- First of all disconnect your PC with network connection.
- Click restart button and keep pressing F8 key regularly while system restart.
- You will see “Windows Advanced Options Menu” on your computer screen.
- Select “Safe Mode with Command Prompt” and press Enter key.
- You must login your computer with Administrator account for full privilege.
- Once the Command Prompt appears then type rstrui.exe and press Enter
- Now follow the prompts on your screen to complete system restore.
Step 2: Remove RedEye Ransomware using MSConfig in Safe Mode:
- Power off your computer and restart again.
- While booting press the “F8 key” continuously to open “Windows Advanced Options Menu”.
- Use the arrow keys to select “Safe Mode” option and press Enter key.
- Once system get started go to Start menu. Type “msconfig” in the search box and launch the application.
- Go to the Startup tab and look for files from %AppData% or %Temp% folders using rundll32.exe. See an example below:
C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1
- Disable all the malicious entries and save the changes.
- Now restart your computer normally.
Step 3 : Kill Malicious Process Related To RedEye Ransomware
- Press Alt+Ctrl+Del buttons together.
- It will open the Task manager on your screen.
- Go to Process Tab and find RedEye Ransomware related process.
- Click the End Process Now button to stop the running process.
Step 4 : Remove RedEye Ransomware Virus From Registry Entry
- Press “Windows + R” key together to open Run Box.
- Type “regedit” and click OK button.
- Find and remove RedEye Ransomware related entries.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Now hopefully you have completely removed the RedEye Ransomware virus from your computer. If you are still get ransom message from the threat or unable to access your files, then it means that virus still remain into your computer. In such situation you don’t have any other option except removing this virus using any powerful malware removal tool.
Whereas if you have any backup of your infected or encrypted files, then you can also reinstall your Windows OS. This will erase all your files and data as along with the RedEye Ransomware infection. You will get a completely empty computer system with no files. Now you can use your backup to get your files. If you don’t have any backup then using malware removal tool is a better option for you.
If you have any query or question regarding your computer, then you can easily ask your problem to our experts. Go to the Ask Any Question page and get the answer for your query directly from out experts.