[Jun, 4, 2020] - Version: 18.104.22.168
RedRum Ransomware encrypts victim's files using AES256 GCM and RSA-1024, adding the extension ".id-..redrum" or ".id-..thanos" to files.
The ransom note "decryption.txt" contains the following text:
FILES ARE ENCRYPTED:

Hello! All your documents, photos, databases and other important files have been ENCRYPTED! Do you really interested to restore your files? If so, you must buy decipher software and private key to unlock your data! Write to our email - [email protected] and tell us your unique We will send you full instruction how to decrypt all your files. In case of no answer in 24 hours write us on additional e-mail address - [email protected]

========================================================================================================================
FAQ FOR DECRYPTION YOUR FILES:
========================================================================================================================
* WHATS HAPPENED ???
Your files are NOT DAMAGED! Your files have been modified and encrypted with strong cipher algorithm. This modification is reversible. The only way to decrypt your files is to purchase the decipher software and private key. Any attempts to restore your files with the third-party software will be fatal for your files, because would damage data essential for decryption !
Note !!! You have only 24 hours to write us on e-mail or all your files will be lost or the decryption price will be increased!
========================================================================================================================
* HOW TO RECOVERY MY FILES ???
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decipher software and private key that will decrypt all your files.
========================================================================================================================
* FREE DECRYPTION !!!
Free decryption as guarantee! If you don't believe in our service and you want to see a proof, you can ask us about test for decryption. You send us up to 5 modified files. Use file-sharing service and Win-Rar to send files for test. Files have to be less than 1 MB (non archived). Files should not be important! Don't send us databases, backups, large excel files, etc. We will decrypt and send you your decrypted files back as a proof!
========================================================================================================================
* WHY DO I NEED A TEST???
This is done so that you can make sure that only we can decrypt your files and that there will be no problems with the decryption!
========================================================================================================================
* HOW TO BUY BITCOINS ???
There are two simple ways to by bitcoins:
https://exmo.me/en/support#/1_3
https://localbitcoins.net/guides/how-to-buy-bitcoins
Read this information carefully because it's enough to purchase even in large amounts.
========================================================================================================================
!!! ATTENTION !!!
!!! After 60 hours the price for your encryption will increase 10 percent each day
!!! Do not rename encrypted files.
!!! Do not try to decrypt your data using third party software, it may cause permanent data loss.
!!! Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
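For incident triage, the two file-system indicators named above (the ".redrum" / ".thanos" renaming and the "decryption.txt" note) can be swept for per directory. The following is an added example, not part of the original page or of the decryptor; the function names, the verdict labels and the sample tree are assumptions, and "SAMPLE" stands in for the parts of the file name that are elided on the page.

```python
import os
import re
import tempfile

# From the page: renamed files carry ".id-" and end in ".redrum" or ".thanos".
# The text between those parts is elided on the page, so it is matched loosely.
ENCRYPTED_RE = re.compile(r"\.id-.*\.(redrum|thanos)$", re.IGNORECASE)
NOTE_NAME = "decryption.txt"  # generic name: a weak signal on its own


def triage(root):
    """Walk root and classify each directory by the indicators found in it."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        variants = {}
        note = False
        for name in files:
            m = ENCRYPTED_RE.search(name)
            if m:
                ext = m.group(1).lower()
                variants[ext] = variants.get(ext, 0) + 1
            elif name.lower() == NOTE_NAME:
                note = True
        if variants and note:
            verdict = "confirmed"   # renamed files and ransom note together
        elif variants:
            verdict = "likely"      # renamed files, note missing or removed
        elif note:
            verdict = "note-only"   # needs manual review of the note's text
        else:
            continue
        rel = os.path.relpath(dirpath, root)
        report[rel] = {"verdict": verdict, "variants": variants}
    return report


def build_sample_tree():
    """Constructed sample data; 'SAMPLE' replaces the elided name parts."""
    root = tempfile.mkdtemp(prefix="redrum_triage_")
    layout = {
        "docs": ["a.docx.id-SAMPLE.SAMPLE.redrum",
                 "b.xlsx.id-SAMPLE.SAMPLE.thanos", "decryption.txt"],
        "pics": ["c.jpg.id-SAMPLE.SAMPLE.redrum"],
        "tools": ["decryption.txt"],
        "clean": ["notes.txt", "redrum.mp3"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()
    return root


if __name__ == "__main__":
    for path, info in sorted(triage(build_sample_tree()).items()):
        print(path, info["verdict"], info["variants"])
```

Run it against a read-only mount or a forensic copy rather than the live volume, and keep the encrypted files untouched so a decryptor can still process them.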