Security News > 2022 > July > New Redeemer ransomware version promoted on hacker forums
A threat actor is promoting a new version of their free-to-use 'Redeemer' ransomware builder on hacker forums, offering unskilled threat actors an easy entry to the world of encryption-backed extortion attacks.
Unlike many Ransomware-as-a-Service operations, anyone can download and use the Redeemer ransomware builder to launch their own attacks.
The new version features a new graphical user interface for the affiliate to build the ransomware executable and decryption tool, while all instructions on how to use it are enclosed in the ZIP. The author says the project will go open-source if they lose interest, which is precisely what happened with Redeemer 1.0 back in June 2021, when the threat actor publicly released its source code.
The new ransomware builder version features several additions like support for Windows 11, GUI tools, and more communication options such as XMPP and Tox Chat.
Researchers at Cyble, who have analyzed the new version, report that the ransomware creates a mutex upon launch to avoid multiple running instances on the victim's system and abuses Windows APIs to execute itself with admin privileges.
The adoption of this new ransomware doesn't appear very high, but even if the project fails, the promise of releasing the source code creates the gloomy prospect of new projects based on the Redeemer source code.
News URL
Related news
- Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges (source)
- Pioneer Kitten: Iranian hackers partnering with ransomware affiliates (source)
- Iranian hackers work with ransomware gangs to extort breached orgs (source)
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)