RedEye Ransomware | New Ransomware Attack!!!


A new ransomware named RedEye has caught the eye of a security researcher, who discovered the malware back in February. It claims to destroy the victim's computer if the payment isn't made. It's worth noting that the new strain was created by the author of the Annabelle ransomware.

The blog post on the subject mentions that the infecting file is unusually large for malware. The huge 35MB size is due to audio files and images. After infection, the ransomware plays three creepy sounds to scare the user.

The binary has also been protected using compression and ConfuserEx. It ultimately replaces the MBR and takes some steps to make removal difficult: it hides disk drives, disables Task Manager, etc.

The ransom note shown by the binary states that all personal files have been encrypted with the AES256 algorithm. In reality, it overwrites or fills the files with 0 bytes.
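A triage check for the behavior described above, as an added example that is not from the original post or the researcher's write-up: it tells files that were zero-filled (destroyed) apart from files with high entropy (consistent with real encryption). The 7.5 bits/byte threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so large files are not loaded whole
ENTROPY_ENCRYPTED = 7.5  # assumed threshold in bits/byte; ciphertext is near 8.0


def classify_file(path):
    """Return 'empty', 'zero-filled', 'high-entropy' or 'other' for one file."""
    counts, total = Counter(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            counts.update(chunk)  # byte value -> number of occurrences
            total += len(chunk)
    if total == 0:
        return "empty"
    if counts[0] == total:
        return "zero-filled"  # content overwritten, nothing left to decrypt
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return "high-entropy" if entropy >= ENTROPY_ENCRYPTED else "other"


def triage(root):
    """Walk a directory tree and map each file path to its classification."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            try:
                results[path] = classify_file(path)
            except OSError:
                results[path] = "unreadable"
    return results


def demo():
    """Classify constructed samples: a wiped file, random bytes, plain text."""
    samples = {"wiped.docx": b"\x00" * 4096,
               "random.bin": os.urandom(65536),
               "notes.txt": b"quarterly report draft\n" * 50}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return {p.name: v for p, v in triage(root).items()}


if __name__ == "__main__":
    print(demo())
```

High entropy also matches compressed formats, so read that verdict as "not wiped" rather than as proof of encryption.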

The only claimed way to get the files back is to pay 0.1 Bitcoin. "You got 4 days to pay, when the time is up, then your PC will be fully destroyed," the message reads.

Removal: https://bartblaze.blogspot.com/2018/0...


RedEye Ransomware | New Ransomware Attack!!! Reviewed by Anonymous on June 09, 2018 Rating: 5