Redeemer Ransomware 2.0 is now available on Dark Web Forums

Researchers at Cyble cyber intelligence firm, stated that a well-known hacker is pushing an even more sinister, commission-based version of the ransomware “Redeemer”, on dark internet forums.

This Redeemer 2.0 campaign differs from most Ransomware-as-a-Service (RaaS) operations in that it's free to use and accessible to anyone — allowing lesser-skilled cybercriminals to enter the ransomware racket in exchange for a cut of profits.

Redeemer 2.0 is “Easy To Use and Deploy.”

Cyble, an Australian-based research organization, announced earlier this week their findings regarding the new affiliate program. Redeemer 2.0, a ransomware program that can be downloaded in ZIP files by anybody via dark internet cybercrime forums is quite unique. You can also use it to create your own attacks.

Even the most inept hacker can run ransomware campaigns, especially on vulnerable organizations like small businesses and healthcare.

Redeemer was first released on June 20, 2021. It supports Windows 11 and includes ransomware campaign ID tracking systems. There are also ways to contact the creator of the program, Cerebrate. Redeemer sends 20% from ransoms directly to the author.

Cerebrate said that he had been operating his ransomware on Dread for about a year and that many people have made serious money using my software. He was promoting the product via a post to a dark internet forum.

What is the Operation of Redeemer

Cyble researchers discovered that Redeemer's new version abuses Windows services and functions. It deletes system backups in order to successfully take ransom files by locking or encrypting them. After this, the victim will be presented with an “Your Data is Encrypted” blue screen which includes explanations.

The Redeemer logo will replace the icons of encrypted system files. The Monero ransom payment is required to unlock system files. The software will provide an Onion address (accessible via Tor).

Once a ransomware attack has been successful, the author pays 20% of the “decryption fees”. After the payment is made, the author will send the “Redeemer Master Key” to the client. The key and the decrypter.exe allow victims to access their files.

This fee is justified by the author promising future software updates and protection. All communications between Cerebrate and client take place via dark internet (BreachForums, Dread), or “Tox Chat.”

Cyble pointed out that Redeemer could cause the loss of important data like financial and business data and eventually destroy an organisation's reputation or integrity.

Hacker Chats: “Uptick”

It is not clear if Redeemer will be used in cyber-attacks that are high-profile. However, Cerebrate has suggested that the software could be made freely available as open-source code for the community.

Cyble also pointed out that cybercriminals are increasing on unregulated platforms such as Telegram and Cybercrime Forums, where threat actors sell their products.

Cyble also noted an increase in the number of ransomware-related affiliate programs. Cyble said that ransomware creators “are increasing selling or leasing ransomware to associates for a part of any ransom money collected,” Cyble further stated.

Cyble's Guide to Avoiding Ransomware

Cyble lists cybersecurity best practices to help you defend against ransomware such as Redeemer. Cyble recommends that users regularly back up their systems offline, enable automatic updates on all computers, and use premium antivirus software. It also advises against opening email attachments and links without verifying them.

If you suspect that your computer has been infected by ransomware, immediately disconnect all external storage and detach any network devices.

It is a smart idea for regular users to keep a strong antivirus program active 24/7 on all your devices. A Virtual Private Network (VPN) is a great way to secure your network traffic.

Many users choose to have their antivirus software include a VPN. Our guide on how you can recognize dangerous phishing emails and protect yourself against common ransomware attacks in the first stage of infection is a good place to start.

Leave a Comment