Security researchers have recently spotted a new piece of malware called RedEnergy. Classified as Stealer-as-a-Ransomware, it is spreading rapidly across the Internet and causing considerable concern among users and industry insiders.
To drive the spread of the ransomware, the cybercriminals also rely on an ingenious and treacherous strategy: fake browser updates, advertised through pop-ups and banners, which push the user into downloading a harmful payload.
RedEnergy's modular design lets it adapt to the environment it lands in, behaving as an ordinary infostealer or as a more sophisticated ransomware depending on the case.
Several browsers are potentially targeted by this kind of attack, namely Chrome, Edge, Firefox and Opera. Once the fake update has been downloaded, the user finds four files in the downloads folder, one of which is the payload mentioned above.
Once launched, this file starts the actual infection, complete with a hostile message displayed on screen.
RedEnergy alert: a ransomware capable of infecting the most popular browsers on the market
RedEnergy encrypts the victim's files, appending the .FACKOFF extension to every locked file. A text file (read_it.txt) then demands a ransom, as is standard practice for this type of attack.
The malware also modifies desktop.ini, the file that stores basic display settings for file-system folders. By altering how folders appear, the malware makes it easier to hide its activity on the system.
As already mentioned, however, RedEnergy is not only a ransomware: it is also able to steal data from the browsers listed above. Attackers can potentially gain access to personal information, financial data, browsing-session records and more.
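The three file-system artefacts described above (the .FACKOFF extension, the read_it.txt ransom note and a freshly rewritten desktop.ini) are exactly what an incident responder would sweep a host for. The following triage scanner is an added example, not code from the original article or from any vendor: it walks a directory tree, collects the three indicators and classifies the result. The sample directory it builds, the one-hour "outbreak window" and the ransom-note text are all constructed for the demonstration.

```python
"""Triage scanner for the RedEnergy file-system artefacts described above.

Added example, not part of the original article or of any product.
Indicators: the .FACKOFF extension, the read_it.txt ransom note and
desktop.ini files modified after the (assumed) start of the outbreak.
"""
import os
import tempfile
import time
from pathlib import Path

ENCRYPTED_EXT = ".FACKOFF"    # extension appended to every locked file
RANSOM_NOTE = "read_it.txt"   # ransom-note file name, matched case-insensitively
FOLDER_CONFIG = "desktop.ini" # folder-settings file the malware rewrites


def scan_tree(root, modified_since):
    """Walk `root` and return the indicator hits, as paths relative to `root`.

    `modified_since` is a Unix timestamp: desktop.ini files touched at or
    after it are reported, older ones are treated as legitimate.
    """
    root = Path(root)
    hits = {"encrypted": [], "notes": [], "desktop_ini": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        name = path.name.lower()
        if path.suffix.upper() == ENCRYPTED_EXT:
            hits["encrypted"].append(rel)
        elif name == RANSOM_NOTE:
            hits["notes"].append(rel)
        elif name == FOLDER_CONFIG and path.stat().st_mtime >= modified_since:
            hits["desktop_ini"].append(rel)
    for key in hits:
        hits[key].sort()
    return hits


def verdict(hits):
    """Classify a scan: encrypted files plus a note is the ransomware pattern;
    any single indicator alone is only suspicious."""
    if hits["encrypted"] and hits["notes"]:
        return "ransomware"
    if any(hits.values()):
        return "suspicious"
    return "clean"


def build_sample_tree():
    """Constructed sample host: one hit folder and one clean folder.

    Returns (root, outbreak_time); outbreak_time is assumed to be one hour
    ago so that a desktop.ini written now counts as modified, while the
    clean folder's desktop.ini is back-dated 30 days.
    """
    root = Path(tempfile.mkdtemp(prefix="redenergy_demo_"))
    docs = root / "Documents"
    docs.mkdir()
    (docs / "report.docx.FACKOFF").write_bytes(os.urandom(64))
    (docs / "budget.xlsx.FACKOFF").write_bytes(os.urandom(64))
    (docs / "read_it.txt").write_text("constructed ransom note for the demo\n")
    (docs / "desktop.ini").write_text("[.ShellClassInfo]\nIconResource=demo.dll,0\n")

    pics = root / "Pictures"
    pics.mkdir()
    (pics / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0")
    legit_ini = pics / "desktop.ini"
    legit_ini.write_text("[ViewState]\nMode=\nVid=\n")
    thirty_days_ago = time.time() - 30 * 86400
    os.utime(legit_ini, (thirty_days_ago, thirty_days_ago))

    return root, time.time() - 3600


if __name__ == "__main__":
    sample_root, since = build_sample_tree()
    result = scan_tree(sample_root, since)
    for kind, paths in result.items():
        print(f"{kind:12s} {paths}")
    print("verdict:", verdict(result))
```

In a real response the scan would be pointed at the user profile and network shares rather than a temporary directory, and `modified_since` would come from the first alert or from the timestamp of the earliest ransom note. Because desktop.ini is hidden and has the system attribute on Windows, a scanner that skips hidden files would miss the third indicator; `Path.rglob` does not filter on attributes, which is what we want here.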
As with other types of threats on the Web, prevention is important against this malicious agent too.
Using a reliable antivirus and keeping it up to date is therefore essential. Relying only on updates that come from the browsers' official sites substantially raises the user's level of security. Modern browsers update themselves through their built-in update mechanism (or the operating system's package manager), so a web page urging you to download and run an "update" file is itself a warning sign.