The Red Alert ransomware was made public on July 5, 2022 via Twitter by MalwareHunterTeam. According to the ransomware's own website, as of that date, Red Alert had only a single company on its victim list.
The group behind the attacks has used two designations in its operations: "Red Alert" in its attacks and in its ransom notes, but also "N13V" internally.
The malware targets VMware ESXi virtual servers, both Linux and Windows. Red Alert is designed to be run from the command line, which lets the threat actor shut down any virtual machines that are active.
The Red Alert ransomware is then able to encrypt the files that make up the virtual machines, such as .vmdk disks, swap files, logs and others.
After the encryption process, the ransomware generates a .txt file named "HOW_TO_RESTORE" with the details of the ransom procedure. This document mentions the name "Red Alert", the ransom amount, and a link for payment in Monero cryptocurrency, which is the only currency accepted for the ransom.
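The behaviour described above (VM files such as .vmdk disks, swap files and logs encrypted in place, and a HOW_TO_RESTORE note dropped alongside them) gives a defender two things to look for on a datastore. The following is an added example, not code from the original page or from Digital Recovery, of a small triage scanner: it flags any file whose name begins with HOW_TO_RESTORE, and flags VM files whose first block no longer looks like plaintext (a .vmdk that has lost its KDMV magic or descriptor header and scores near 8 bits/byte of entropy). The suffix list, the entropy threshold and the constructed sample datastore built by `run_demo()` are assumptions; the note name comes from the page.

```python
import math
import os
import tempfile
from pathlib import Path

# Ransom note name as the page describes it (HOW_TO_RESTORE, a .txt file)
RANSOM_NOTE_PREFIX = "HOW_TO_RESTORE"
# File types the page says Red Alert encrypts; the exact suffix set is an assumption
TARGET_SUFFIXES = {".vmdk", ".vswp", ".log"}
# Assumed threshold: the first block of an encrypted file is close to 8 bits/byte
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in `data` (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_like_vmdk(head: bytes) -> bool:
    """True if the header matches a plaintext VMDK: sparse-extent magic or a descriptor."""
    return head.startswith(b"KDMV") or head.lstrip().startswith(b"# Disk DescriptorFile")


def scan_datastore(root: str, sample_size: int = 4096) -> list:
    """Walk a datastore and return (finding, path) pairs worth triaging."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.upper().startswith(RANSOM_NOTE_PREFIX):
            findings.append(("ransom_note", str(path)))
            continue
        suffix = path.suffix.lower()
        if suffix not in TARGET_SUFFIXES:
            continue
        with open(path, "rb") as fh:
            head = fh.read(sample_size)
        if suffix == ".vmdk" and looks_like_vmdk(head):
            continue  # still a recognisable VMDK, so not encrypted in place
        if shannon_entropy(head) >= ENTROPY_THRESHOLD:
            findings.append(("high_entropy", str(path)))
    return findings


def run_demo() -> list:
    """Build a constructed datastore in a temp dir and return (finding, filename) pairs."""
    with tempfile.TemporaryDirectory() as root:
        vm = Path(root) / "vm01"
        vm.mkdir()
        # Constructed sample files: an intact descriptor, an intact log,
        # a random-looking (i.e. encrypted) flat disk, and the ransom note
        (vm / "vm01.vmdk").write_text("# Disk DescriptorFile\nversion=1\n")
        (vm / "vmware.log").write_text("2022-07-05 vmx| VM started\n" * 50)
        (vm / "vm01-flat.vmdk").write_bytes(os.urandom(4096))
        (vm / "HOW_TO_RESTORE.txt").write_text("Red Alert ransom note placeholder\n")
        return [(kind, os.path.basename(p)) for kind, p in scan_datastore(root)]


if __name__ == "__main__":
    for kind, name in run_demo():
        print(f"{kind}: {name}")
```

Run it against a mounted datastore path with `scan_datastore("/vmfs/volumes/<datastore>")`. A flat .vmdk extent starts with a partition table, and swap files can legitimately contain high-entropy pages, so a high_entropy finding is a triage signal to confirm against backups and ESXi logs, not proof of encryption on its own; a ransom_note finding is the stronger indicator.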
The group has been attacking companies, practicing double extortion. This means that before encrypting the data, the Red Alert ransomware is able to steal information about the virtual machine.
This practice is widely used by hackers, allowing the authors of the threat to demand a ransom not only to acquire the decryption key, but also to prevent the release of the stolen data.
The Red Alert ransomware is a new malware with few executed attacks, so it is expected that in the coming days the group will continue to attack more and more companies around the world.
Recover files encrypted by Red Alert ransomware
Digital Recovery has developed a solution that can recover encrypted files without the need to contact the criminals to obtain the decryption key. This solution was developed in-house and makes the recovery of data encrypted by ransomware possible.
For more than 23 years, Digital Recovery has been operating in the market of data recovery in various storage devices, such as Storages, Databases, Virtual Machines, RAID systems, Servers and others.
We also provide our customers with a confidentiality agreement (NDA).
Thanks to our technology, our services can be performed remotely, quickly and securely.
Contact one of our specialists and have your encrypted data recovered immediately.