RedEye ransomware
| Classification | Ransomware (false) Wiper |
|---|---|
| Type | Ransomware (false) Wiper |
| Subtype | Ransomware (false) Wiper |
| Author(s) | iCoreX |
| Operating system(s) affected | Microsoft Windows |
| Filesize | 35 MB |
RedEye is a virus that pretends to encrypt the files of a computer to charge a ransom.
Interface
When running RedEye for the first time, the operating system is immediately restarted. When the PC completes the restart, RedEye shows its interface.
RedEye shows the IP address of the computer, the ID of the user, the remaining time, a language selector, the bitcoin received, the button to check the payment, and the bitcoin address to pay, along with a menu with the options "home", "encrypted files", "decrypted files", "support" and "destroy PC".
In the interface we can see the following message:
All your personal files has been encrypted with an very strong key by RedEye!
(Rijndael-Algorithmus - AES - 256 Bit)
The only way to get your files back is:
- Go to http://redeye85x9tbxiyki.onion/tbxlyki
- Enter your personal ID and pay 0.1 bitcoins to the address below!
- After that you need to click on "check payment".
- Then you will get a special key to unlock your computer
You got four days, when the time is up,
then your PC will be fully destroyed!
This article "RedEye ransomware" is from Wikipedia. The list of its authors can be seen in its history and/or the page Edithistory:RedEye ransomware. Articles copied from the Draft namespace on Wikipedia can be seen in the Draft namespace of Wikipedia and not the main one.
