Restore Your Computer From Active RedAnts Ransomware Infections (In-Depth Removal Guide)

The RedAnts ransomware is a newly discovered malware threat, its infections can easily be removed by following our in-depth removal guide.

RedAnts Ransomware Description

RedAnts ransomware is a new virus threat which has its origins in the infamous MafiaWare ransomware based on the Hidden Tear open-source project. Strains such as this one are a known danger as they are essentially a heavily customized version of the original malware family.

The original ransomware originated in Indonesia, being developed by an unknown hacker under the alias of mafia. The threat has undergone several major updates and from them various other offspring viruses emerged.

At the moment we do not have the full list of the affected file types. However we presume that the virus targets the most popular data – documents, databases, music, photos, videos, archives, configuration files and etc.

Like other Hidden Tear viruses the RedAnts one shares some of the common characteristics that are typical for this widely used malware family:

  • Customization – This ransomware like other descendants of Hidden Tear and MafiaWare are by definition custom versions.
  • Payload Delivery – Many variants such as this one can infect the computer with other dangerous viruses such as banking trojans.
  • System Modfication – Viruses like RedAnts ransomware can be used to institute dangerous system changes. They can prevent certain functions from being available to a total lockdown via a screenlocker.

Upon infection the virus starts its encryption engine which targets specific file type extensions. At the moment we do not have the full list of target data, however we presume that the engine processes all important documents, music, videos, photos, confguration files, databases and etc.

At the moment we do not have a ransomware note extracted from the samples as the virus is currently undergoind an in-depth initial security analysis.

After the encryption process is complete the virus applies the .Horas-Bah extension.

The virus is very dangerous to the infected computers as the computer criminals behind it can easily modify the threat. As it turns out in several case scenarios a series of different viruses can cause a much bigger damage impact than a single more powerful ransomware.

This is due to the fact that each individual strain can mask itself until it is discovered by the malware researchers and its signature is added to the relevant databases.

The ransomware is contained in a single executable binary file. At the moment it is still being added to the definition lists of most security vendors. The limited number of captured malware samples show that the virus engine targets the data stored in the infected user folders.

RedAnts Ransomware Distribution

RedAnts Ransomware is primarily distributed via the usual popular methods:

  • Email Spam Campaigns – Hackers use phishing campaigns which have a high succesful percentage. The messages include hyperlinks or attachmnents which institute the viral infection upon user interaction. To make the victim click on the messages the criminals make the messages appear as being sent from a government institution, bank or university.
  • Infected Software Installers – The virus code is bundled with software installers that feature both applications, games, patches, updates and system utilities.
  • Download Sites – Untrusted or hacker-controlled download sites and BitTorrent trackers often distribute dangerous viruses such as the RedAnts Ransomware. The malware poses as famous and well-known programs and games.
  • Dangerous Scripts – Malicious browser hijackers and ad networks can lead to virus transmission. Hacker-created browser extensions modify the behaviour of the installed web browsers by changing the default home page, new tabs page and search engine to untrusted sites and portals. They not only invade the privacy of the users by spying on their activity and harvesting the stored information (history, accounts, settings), but also redirect any queries or user commands to hacker-controlled sites which can trasmit the infection.

We expect to see further versions of it in the near future. Known infection sources include several malicious redirects caused by dangerous scripts as well as spam bullk messages.

Summary of the RedAnts Ransomware


Name
RedAnts Ransomware

File Extensions
.Horas-Bah

Ransom
Varies

Easy Solution
You can skip all steps and remove RedAnts Ransomware ransomware with the help of an anti-malware tool.

Manual Solution
RedAnts Ransomware ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution
Spam Email Campaigns, malicious ads & etc.

RedAnts Ransomware Ransomware Removal

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

Windows-key-plus-R-button-launch-Run-Box-in-Windows-illustrated

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box shall appear. In it Choose the tab named “Boot
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option

    show-hidden-files-win8-10

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Get over to “Processes
    3) When you find suspicious process right click on it and select “Open File Location
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process
    5) Next you should go folder where the malicious file is located and delete it

STEP IV: Remove Completely RedAnts Ransomware Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of RedAnts Ransomware requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete RedAnts Ransomware ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Again type simultaneously the Windows Button + R key combination
    2) In the box, write “regedit”(without the inverted commas) and hit Enter
    3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

How To Restore RedAnts Files

    1) Use present backups
    2) Use professional data recovery software

      Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps


restore-files-using-system-restore-point

    4) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History
      – Choose a folder or type the name of the file in the search bar

    restore-your-personal-files-using-File-History-bestecuritysearch

      – Hit the “Restore” button

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *