Understanding REDKAW Ransomware
REDKAW is a newly discovered ransomware variant designed to encrypt victims’ files and demand payment for decryption. It appends the “.redkaw” extension to encrypted files and leaves behind a ransom note titled “HOW-TO-FIX.txt”. The cybercriminals behind REDKAW demand $50 in cryptocurrency, threatening to leak sensitive information if the payment is not made within 24 hours.
Threat Summary
| Feature | Details |
|---|---|
| Name | REDKAW Ransomware |
| Threat Type | Ransomware, Crypto Virus, File Locker |
| Encrypted File Extension | .redkaw |
| Ransom Note | HOW-TO-FIX.txt |
| Cybercriminal Contact | gniomhara@proton.me |
| Ransom Amount | $50 |
| Payment Methods | Bitcoin, Ethereum, Litecoin, USDC, USDT |
| Detection Names | Avast (FileRepMalware [Misc]), CTX (Exe.trojan.redcap), ESET-NOD32 (A Variant Of Generik.HRDOOOY), Kaspersky (UDS:DangerousObject.Multi.Generic), Microsoft (Trojan:Win32/Leonem) |
| Symptoms of Infection | Files are inaccessible and have a .redkaw extension, ransom note appears, inability to open previously functional files, ransom demand displayed on desktop |
| Distribution Methods | Phishing emails, malicious ads, torrents, pirated software, infected email attachments, software vulnerabilities |
| Potential Damage | File encryption, data theft, financial loss, risk of further malware infections |
| Danger Level | High |
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
How REDKAW Ransomware Works
- Infiltration: REDKAW is typically spread through phishing emails, malicious ads, and compromised software.
- Encryption: It scans the infected system for files and encrypts them using an unknown encryption algorithm, appending the “.redkaw” extension.
- Ransom Demand: After encryption, it drops a text file (HOW-TO-FIX.txt) with ransom payment instructions.
- Threat of Data Exposure: The note claims that sensitive data has been stolen and will be leaked unless the ransom is paid within 24 hours.
Text of REDKAW Ransom Note (HOW-TO-FIX.txt)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
R E D K A W
YOUR SYSTEM HAS BEEN COMPROMISED!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your files have been encrypted and all your private information has been stolen. If you don't take action now, your entire digital world will be destroyed.
-----------------------------------------
Ransomware ID: REDKAW-2024-USS33993FW0
-----------------------------------------
--- What has happened:
- All your documents, photos, databases, and files have been encrypted with an unbreakable encryption algorithm.
- Sensitive information, such as passwords, browsing history, private data, and any other relevant content, has been extracted and stored on a secure server.
--- What you need to do:
To recover your data and avoid the massive leak of your information, you must pay a ransom of **$50 USD** to one of the following cryptocurrency wallets:
Bitcoin Wallet:
3MEi6jfVxHuTVSAs8EcmCvSt46b3Yyj4Cd
Ethereum Wallet:
0x5546a6c439Cb82aBe7C4F168532c46FDA1CF56fF
Ltc:
MC2mAUyTpvN59CdjNwLFfXgXReonMqgykE
USDC:
0x3f0B164163Ca4ca34ccd629083a6854B5d63Eee8
USDT:
0xA405f18958C9761234856611b680410b0B7c2d16
You have **24 hours** to complete the payment. If time runs out, your data will be published on dark web forums.How to Remove REDKAW Ransomware?
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
Step 1: Boot Your PC in Safe Mode with Networking
- Restart your PC and press F8/F12 (for older versions) or hold Shift + Restart (Windows 10/11).
- Select Safe Mode with Networking.
Step 2: Use SpyHunter to Scan and Remove REDKAW
- Download SpyHunter.
- Install the tool and run a full system scan.
- Allow SpyHunter to detect and remove REDKAW and any associated malware.
Step 3: Restore Your Files from Backups
If you have cloud backups or offline backups, restore your files from there. Avoid paying the ransom.
Step 4: Check for Backdoors and Other Infections
- Run a secondary malware scan (e.g., Malwarebytes, HitmanPro).
- Check for suspicious startup entries via Task Manager (Ctrl + Shift + Esc > Startup Tab).
Preventive Measures to Avoid Future Ransomware Attacks
Regular Data Backups
Maintain backups on offline storage or cloud services like Google Drive or OneDrive.
Avoid Suspicious Emails and Links
Do not open unexpected attachments or click on unknown links.
Use Reliable Security Software
Install and keep SpyHunter updated.
Enable Firewall and Security Features
- Keep Windows Defender Firewall ON.
- Use email security filters.
Avoid Downloading Cracked Software
Do not download files from torrents, third-party sites, or pirated platforms.
Keep Your System Updated
Regularly update Windows, software, and security patches to prevent vulnerabilities.
Final Thoughts
REDKAW ransomware is a severe threat that can encrypt and potentially leak sensitive files. It is crucial to remove the infection as soon as possible using SpyHunter or another reputable anti-malware tool. Never pay the ransom, as cybercriminals may not provide the decryption key. Instead, focus on removing the ransomware, restoring backups, and implementing preventive security measures to avoid future infections.
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
