A newer version of the Redeemer ransomware has been spotted being advertised on hacking forums, where its developers offer the ransomware builder free of charge to other, less skilled hackers to help them launch attacks.
Written in C++, the ransomware's second version runs on all Windows versions and is advertised as using multi-threaded encryption and as capable of evading security detection.
The Redeemer ransomware is designed so that any threat actor can use it in attacks for free, but its author takes a 20% share of every ransom payment extorted from a victim in return for handing out the tool.
Affiliates must also share the master key for each victim's encrypted data with the Redeemer developer. The original authors imposed these rules as the price of making the tool free to use for all threat actors.
When a hacker uses Redeemer's newest version, they are presented with a new graphical user interface that helps them build the ransomware executable and the matching decryption tool. Beyond Windows support, the new version adds GUI tooling and communication options for contacting victims, such as Tox Chat and XMPP.
Redeemer also features a new campaign ID tracking system that lets operators monitor the campaigns they are running. Its authors have also set up a separate dark web page where other hackers can obtain the kit, access instructional materials, communicate, and receive support.
Based on analysis of Redeemer's newest version, upon launch it creates a mutex so that only one instance runs on the victim's machine, then uses the Windows API to relaunch itself with elevated administrator privileges.
Next, the ransomware runs Windows commands to delete the event logs, shadow copies, and all system state backups so that victims cannot restore their files. It then terminates numerous processes, such as WinWord, Visio, and Excel, so that running applications cannot interfere with encryption; killing them also releases the file locks those applications hold, so every file can be encrypted.
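The anti-recovery and process-kill steps described above are loud from a defender's point of view, and correlating them under one parent process is a practical way to catch this stage before encryption finishes. The following is an added example written for this article, not Redeemer's code or any vendor's detection rule. The log lines are constructed to resemble Windows process-creation events (one line per process, with pid, ppid, image and command line), and the specific command lines it looks for (vssadmin, wbadmin, wevtutil and taskkill) are assumptions about how these actions are commonly carried out on Windows; the article itself only names the actions, not the commands.

```python
"""Correlate anti-recovery commands and Office process kills by parent process.

Added example: not Redeemer's code. Log format and command-line patterns are
assumptions chosen for illustration; tune them to your own telemetry.
"""
import re
from collections import defaultdict

# Constructed process-creation events: one suspicious parent (pid 4412) plus benign noise.
SAMPLE_EVENTS = [
    "2024-05-01T10:01:02Z pid=1200 ppid=800 user=CORP\\alice image=C:\\Windows\\System32\\svchost.exe cmd=svchost.exe -k netsvcs",
    "2024-05-01T10:02:15Z pid=4412 ppid=3100 user=CORP\\alice image=C:\\Users\\alice\\Downloads\\invoice.exe cmd=invoice.exe",
    "2024-05-01T10:02:16Z pid=4420 ppid=4412 user=CORP\\alice image=C:\\Windows\\System32\\cmd.exe cmd=cmd.exe /c vssadmin delete shadows /all /quiet",
    "2024-05-01T10:02:16Z pid=4421 ppid=4412 user=CORP\\alice image=C:\\Windows\\System32\\cmd.exe cmd=cmd.exe /c wbadmin delete systemstatebackup -keepVersions:0 -quiet",
    "2024-05-01T10:02:17Z pid=4422 ppid=4412 user=CORP\\alice image=C:\\Windows\\System32\\wevtutil.exe cmd=wevtutil cl Security",
    "2024-05-01T10:02:17Z pid=4423 ppid=4412 user=CORP\\alice image=C:\\Windows\\System32\\wevtutil.exe cmd=wevtutil cl System",
    "2024-05-01T10:02:18Z pid=4424 ppid=4412 user=CORP\\alice image=C:\\Windows\\System32\\taskkill.exe cmd=taskkill /F /IM winword.exe",
    "2024-05-01T10:02:18Z pid=4425 ppid=4412 user=CORP\\alice image=C:\\Windows\\System32\\taskkill.exe cmd=taskkill /F /IM excel.exe",
    "2024-05-01T10:02:18Z pid=4426 ppid=4412 user=CORP\\alice image=C:\\Windows\\System32\\taskkill.exe cmd=taskkill /F /IM visio.exe",
    "2024-05-01T10:05:00Z pid=5000 ppid=800 user=CORP\\admin image=C:\\Windows\\System32\\vssadmin.exe cmd=vssadmin list shadows",
    "2024-05-01T10:06:00Z pid=5100 ppid=6000 user=CORP\\admin image=C:\\Windows\\System32\\wevtutil.exe cmd=wevtutil cl Application",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) user=(?P<user>\S+) "
    r"image=(?P<image>\S+) cmd=(?P<cmd>.*)$"
)

# Behaviour categories mapped to assumed command-line patterns (case-insensitive).
PATTERNS = {
    "shadow_copy_delete": [
        re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
        re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I),
    ],
    "backup_delete": [
        re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+(?:catalog|systemstatebackup|backup)\b", re.I),
    ],
    "event_log_clear": [
        re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b", re.I),
    ],
    "office_process_kill": [
        re.compile(r"\btaskkill(?:\.exe)?\b.*?/im\s+(?:winword|excel|visio|outlook|powerpnt)\.exe", re.I),
    ],
}


def parse_event(line):
    """Split one constructed log line into its fields; pid/ppid become ints."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    ev["ppid"] = int(ev["ppid"])
    return ev


def classify(cmd):
    """Return the set of behaviour categories a command line matches (empty if benign)."""
    return {name for name, regs in PATTERNS.items() if any(r.search(cmd) for r in regs)}


def correlate(lines):
    """Group matched behaviours by parent pid and emit alerts.

    A parent that exhibits two or more distinct categories is high severity;
    shadow-copy deletion on its own is medium. A single log clear or backup
    command alone is left unflagged here (a tuning choice, not a rule of thumb).
    """
    by_parent = defaultdict(lambda: {"categories": set(), "commands": []})
    for line in lines:
        ev = parse_event(line)
        cats = classify(ev["cmd"])
        if cats:
            by_parent[ev["ppid"]]["categories"] |= cats
            by_parent[ev["ppid"]]["commands"].append(ev["cmd"])

    alerts = []
    for ppid, info in sorted(by_parent.items()):
        cats = info["categories"]
        if len(cats) >= 2:
            severity = "high"
        elif "shadow_copy_delete" in cats:
            severity = "medium"
        else:
            continue
        alerts.append({"parent_pid": ppid, "severity": severity,
                       "categories": sorted(cats), "commands": info["commands"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"[{alert['severity'].upper()}] parent pid {alert['parent_pid']}: "
              f"{', '.join(alert['categories'])}")
        for cmd in alert["commands"]:
            print("   ", cmd)
```

Keying on the parent pid rather than on any single command is what separates the sample's "vssadmin list shadows" and lone "wevtutil cl Application" from the burst of children spawned by invoice.exe; in real telemetry you would also want the parent's image path and signer, since a legitimate backup agent can issue some of these commands individually.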
Security experts say that free-to-use projects like Redeemer allow even low-skilled threat actors to carry out damaging cyberattacks against businesses.