Red Alert Ransomware

The Red Alert ransomware was made public on July 5, 2022, via Twitter by MalwareHunterTeam. According to the ransomware's own website, as of that date Red Alert had only a single company on its victim list.

The group behind the attacks uses two designations in its operations: "Red Alert" in its attacks and ransom notes, and "N13V" internally.

The malware targets VMware ESXi virtual servers, both Linux and Windows. Red Alert is designed to be run from the command line, allowing the threat author to shut down any virtual machines that are active.

The Red Alert ransomware is then able to encrypt the files that belong to the virtual machines, such as .vmdk disks, swap files, logs and others.

After the encryption process, the ransomware generates a .txt file named "HOW_TO_RESTORE" with details about the ransom procedure. The document mentions the name "Red Alert", the ransom amount, and a link for payment in the Monero cryptocurrency, which is the only currency accepted for the ransom.
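For responders triaging a datastore, the ransom note described above is a usable indicator. The following is an added example, not code from this article or from any vendor tool: it walks a directory tree, flags every folder containing a `HOW_TO_RESTORE` .txt file, records which of the strings named in this article appear in it, and lists the other files in that folder. The function names, the marker list and the sample layout are assumptions constructed for illustration.

```python
import os
import tempfile

NOTE_STEM = "how_to_restore"               # ransom note name given in the article
MARKERS = ("red alert", "n13v", "monero")  # strings the article ties to the note/group


def find_ransom_notes(root):
    """Walk root and report every directory holding a HOW_TO_RESTORE .txt note."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            if stem != NOTE_STEM or ext != ".txt":
                continue
            path = os.path.join(dirpath, name)
            try:
                # Read a bounded prefix only; a note is small, a disk image is not.
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536).lower()
            except OSError:
                text = ""  # an unreadable note is still reported, with no markers
            findings.append({
                "note": path,
                "markers": [m for m in MARKERS if m in text],
                # Other files in the same folder: the data likely affected.
                "siblings": sorted(f for f in files if f != name),
            })
    return findings


def demo():
    """Build a constructed datastore layout (two VM folders) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for vm in ("vm-a", "vm-b"):
            os.makedirs(os.path.join(root, vm))
            open(os.path.join(root, vm, "disk.vmdk"), "w").close()
        # Constructed note text, not a real ransom note.
        with open(os.path.join(root, "vm-a", "HOW_TO_RESTORE.txt"), "w") as fh:
            fh.write("Constructed sample: Red Alert ... pay in Monero")
        return [(os.path.basename(os.path.dirname(f["note"])),
                 f["markers"], f["siblings"])
                for f in find_ransom_notes(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A note that matches the file name but none of the markers is still worth reporting, since the name alone is generic enough to be reused by other families.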

The group practices double extortion against the companies it attacks. This means that before encrypting the data, the Red Alert ransomware is able to steal information about the virtual machine.

This practice is widely used by hackers, allowing the authors of the threat to demand a ransom not only to acquire the decryption key, but also to prevent the release of the stolen data.

The Red Alert ransomware is new malware with few attacks carried out so far, so it is expected that in the coming days the group will continue to attack more and more companies around the world.

Recover files encrypted by Red Alert ransomware

Digital Recovery has developed a solution that can recover encrypted files without the need to contact the criminals to obtain the decryption key. This solution was developed in-house and makes the recovery of data encrypted by ransomware possible.

For more than 23 years, Digital Recovery has been operating in the data recovery market, working with various storage devices such as storage systems, databases, virtual machines, RAID systems, servers and others.

We also provide our customers with a confidentiality agreement (NDA).

Thanks to our technology, our services can be performed remotely, quickly and securely.

Contact one of our specialists and have your encrypted data recovered immediately.
