Redeemer Ransomware is Updated to Exploit Windows 11 Systems

After months of inactivity, the maker of Redeemer ransomware has reappeared on various underground hacker forums, offering an updated version of the malware: Redeemer 2.0.

The author is offering the new variant for free, hoping to attract novice hackers, and will take 20% of their ransom payments as commission. The updated version of Redeemer can hit Windows 11 systems and adds several other features.

Redeemer 2.0 For Noob Hackers

In a slight departure from the usual Ransomware-as-a-Service model, the author of Redeemer is recruiting hackers without requiring any qualifications, so anyone can obtain the ransomware and use it against targets.

The author has been seen distributing the malware on various underground hacker forums for free, hoping to attract as many hackers as possible. Anyone who obtains the malware and builds their own ransomware with it must share 20% of the earnings (the ransom) with the Redeemer author if the attack succeeds.

But if no one turns up or they lose interest in the project, the Redeemer author has pledged to make the code open source, which could lead to even worse consequences. They already did this with Redeemer 1.0.

Written entirely in C++, the new Redeemer 2.0 works on Windows Vista, 7, 8, 10, and 11, supports multi-threading, and has a medium AV detection rate. The author even created a dedicated page on Dread (a dark web site) for affiliates to communicate with them and to guide their ransomware operations.

As noted by Cyble researchers, the new Redeemer 2.0 can hit Windows 11 systems in addition to Windows Vista, 7, 8, and 10. It has also gained support for GUI tools and more communication options, such as XMPP and Tox Chat.

The malware abuses Windows APIs on target machines to carry out operations with admin privileges. Before encrypting data, Redeemer 2.0 deletes all shadow copies, backups, and event logs to prevent the victim from restoring anything. It also kills certain processes so that it can run smoothly on the victim's device.

Once encryption is done, it replaces all file icons with its custom Redeemer icon and appends .redeemer to the file extensions.


Whenever the victim tries to open an encrypted file, a dialog box appears directing them to the ransom note stored in the Winlogon registry key.
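For defenders, the behaviours described above (shadow copy deletion, event log clearing, a write to the Winlogon registry key, and files gaining a .redeemer extension) can be correlated per host. The following is an added example, not code from the article or from Cyble; the event format, host names, and the `vssadmin`/`wmic`/`wevtutil` command lines are assumptions, since the article does not say which commands the malware runs.

```python
import re
from collections import defaultdict

# Behaviours the article describes, as (event type, pattern) rules.
# The utility command lines are assumptions (common Windows tools),
# not commands the article attributes to Redeemer.
RULES = {
    "shadow_copy_deletion": ("process", re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    "event_log_clearing": ("process", re.compile(
        r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I)),
    # "registry" events are assumed to be writes under the named key.
    "winlogon_key_write": ("registry", re.compile(
        r"\\Windows NT\\CurrentVersion\\Winlogon(\\|$)", re.I)),
    "redeemer_extension": ("file", re.compile(r"\.redeemer$", re.I)),
}

# Constructed sample telemetry: (host, event type, detail).
SAMPLE_EVENTS = [
    ("ws-01", "process", r"vssadmin.exe delete shadows /all /quiet"),
    ("ws-01", "process", r"wevtutil.exe cl Security"),
    ("ws-01", "registry", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"),
    ("ws-01", "file", r"C:\Users\alice\Documents\budget.xlsx.redeemer"),
    ("ws-02", "process", r"wevtutil.exe cl Application"),   # lone admin action
    ("ws-03", "file", r"C:\Users\bob\redeemer_notes.txt"),  # name only, not extension
]

def behaviours_by_host(events):
    """Return {host: set of rule names matched by that host's events}."""
    seen = defaultdict(set)
    for host, etype, detail in events:
        for name, (rule_type, pattern) in RULES.items():
            if etype == rule_type and pattern.search(detail.strip()):
                seen[host].add(name)
    return dict(seen)

def flag_hosts(events, min_behaviours=2):
    """Hosts showing at least min_behaviours distinct behaviours, to cut single-event noise."""
    matched = behaviours_by_host(events)
    return sorted(h for h, names in matched.items() if len(names) >= min_behaviours)

if __name__ == "__main__":
    hits = behaviours_by_host(SAMPLE_EVENTS)
    for host in flag_hosts(SAMPLE_EVENTS):
        print(host, sorted(hits[host]))
```

Requiring two or more distinct behaviours keeps a single routine log clear (ws-02) from raising an alert while still flagging the combined pattern on ws-01.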

When the victim agrees to pay, the affiliate has to share 20% of the payment with the Redeemer author, since the author shared the malware for free. This opens the door to novice hackers who may not be able to attack large organizations but can hit small, sensitive entities in healthcare, as well as small businesses.
