A destructive new strain of ransomware has been uncovered this week that permanently destroys a victim’s computer if they refuse to pay a ransom.
Dubbed Red Eye, the new ransomware is delivered to a victim via a huge 35 MB file that contains images and audio files embedded within the code.
To instill a sense of fear within the victim, the ransomware contains three audio files (child.wav, redeye.wav, suicide.wav) that play a creepy sound which is intended to scare the user and prompt them into taking immediate action.
Once the ransomware has been installed on a victim’s computer, it performs a series of actions that make it extremely difficult to remove, including disabling Window’s task manager and hiding within the infected drive.
A ransom note is then displayed on the victim’s computer informing them that their files have been encrypted and if they want to have their files restored, they will need to pay a ransom fee of 0.1 Bitcoins to a specified address. Upon paying the ransom, they will then receive a decryption key to unlock the ransomware.
Source: Bleeping Computer
If the victim does not pay the ransom within 4 days the malware claims it will fully destroy the computer after the deadline has passed.
Users are strongly advised not to pay any ransom and protect themselves online by installing and updating anti-virus software, backing up data, regularly changing passwords and using different passwords for separate accounts.
One of the most common delivery systems for ransomware is through a phishing link. Phishing is a type of online scam where criminals send out fraudulent email messages that appear to come from a legitimate source.
The email is designed to trick the recipient into entering confidential information into a fake website by clicking on a link. Once clicked, the criminals will then steal sensitive information or directly infect a computer with malware.
To protect yourself from this type of attack, never download PDF documents from someone you are unfamiliar with, avoid websites you have unknowingly been directed to and don’t click on suspicious links.
MetaCompliance has extensive experience in protecting organisations around the world from phishing and ransomware attacks. Contact us for further information on how we can help your business stay cyber secure.