The RedAnts ransomware is a newly discovered malware threat, its infections can easily be removed by following our in-depth removal guide.
RedAnts Ransomware Description
RedAnts ransomware is a new virus threat which has its origins in the infamous MafiaWare ransomware based on the Hidden Tear open-source project. Strains such as this one are a known danger as they are essentially a heavily customized version of the original malware family.
The original ransomware originated in Indonesia, being developed by an unknown hacker under the alias of mafia. The threat has undergone several major updates and from them various other offspring viruses emerged.
At the moment we do not have the full list of the affected file types. However we presume that the virus targets the most popular data – documents, databases, music, photos, videos, archives, configuration files and etc.
Like other Hidden Tear viruses the RedAnts one shares some of the common characteristics that are typical for this widely used malware family:
- Customization – This ransomware like other descendants of Hidden Tear and MafiaWare are by definition custom versions.
- Payload Delivery – Many variants such as this one can infect the computer with other dangerous viruses such as banking trojans.
- System Modfication – Viruses like RedAnts ransomware can be used to institute dangerous system changes. They can prevent certain functions from being available to a total lockdown via a screenlocker.
Upon infection the virus starts its encryption engine which targets specific file type extensions. At the moment we do not have the full list of target data, however we presume that the engine processes all important documents, music, videos, photos, confguration files, databases and etc.
At the moment we do not have a ransomware note extracted from the samples as the virus is currently undergoind an in-depth initial security analysis.
After the encryption process is complete the virus applies the .Horas-Bah extension.
The virus is very dangerous to the infected computers as the computer criminals behind it can easily modify the threat. As it turns out in several case scenarios a series of different viruses can cause a much bigger damage impact than a single more powerful ransomware.
This is due to the fact that each individual strain can mask itself until it is discovered by the malware researchers and its signature is added to the relevant databases.
The ransomware is contained in a single executable binary file. At the moment it is still being added to the definition lists of most security vendors. The limited number of captured malware samples show that the virus engine targets the data stored in the infected user folders.
RedAnts Ransomware Distribution
RedAnts Ransomware is primarily distributed via the usual popular methods:
- Email Spam Campaigns – Hackers use phishing campaigns which have a high succesful percentage. The messages include hyperlinks or attachmnents which institute the viral infection upon user interaction. To make the victim click on the messages the criminals make the messages appear as being sent from a government institution, bank or university.
- Infected Software Installers – The virus code is bundled with software installers that feature both applications, games, patches, updates and system utilities.
- Download Sites – Untrusted or hacker-controlled download sites and BitTorrent trackers often distribute dangerous viruses such as the RedAnts Ransomware. The malware poses as famous and well-known programs and games.
- Dangerous Scripts – Malicious browser hijackers and ad networks can lead to virus transmission. Hacker-created browser extensions modify the behaviour of the installed web browsers by changing the default home page, new tabs page and search engine to untrusted sites and portals. They not only invade the privacy of the users by spying on their activity and harvesting the stored information (history, accounts, settings), but also redirect any queries or user commands to hacker-controlled sites which can trasmit the infection.
We expect to see further versions of it in the near future. Known infection sources include several malicious redirects caused by dangerous scripts as well as spam bullk messages.
Summary of the RedAnts Ransomware
| Name | RedAnts Ransomware |
| File Extensions | .Horas-Bah |
| Ransom | Varies |
| Easy Solution | You can skip all steps and remove RedAnts Ransomware ransomware with the help of an anti-malware tool. |
| Manual Solution | RedAnts Ransomware ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
| Distribution | Spam Email Campaigns, malicious ads & etc. |
RedAnts Ransomware Ransomware Removal
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
- 1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
- 1) Open My Computer/This PC
2) Windows 7
- – Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
- – Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
- 1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely RedAnts Ransomware Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
- 1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover Encrypted Files
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
How To Restore RedAnts Files
- 1) Use present backups
- 2) Use professional data recovery software
- – Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
- 3) Using System Restore Point
- – Hit WIN Key
– Select “Open System Restore” and follow the steps
- 4) Restore your personal files using File History
- – Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
