Ranstop blocks RedEye ransomware

Test subject – RedEye ransomware

RedEye, the ransomware of choice for this article and video, was created by the developers of the infamous Annabelle (also Jigsaw, possibly a few others) and has only one purpose: to bring terror and destruction among its victims. There’s no way around, once your PC is infected, you will lose all your valuable data and possibly the entire system.

RedEye ransomware test facts

This malware stands out from many points of view. First, it’s big. Our sample is ~10MB, but there are reports of RedEye samples having more than 30. There’s a simple reason for this, the executables are embedded with media files meant to intimidate its victims, both visually and sonically. The executables are very well obfuscated as well, with multiple techniques, making detection and analysis difficult. But the most noticeable feature is that it will not encrypt your files as it is written in the ransom note, it simply destroys all of the data, by overwriting them with 0-byte files and appending the .RedEye extension. There’s nothing to pay for, literally, as the contents are simply gone, nothing is encrypted in the end. And there’s even more, like a final blow, if the user does not pay, RedEye will also replace the Master Boot Record, effectively making the system unbootable. All these steps are spiced up with creepy images and sounds.

Instead of a text file containing the ransom note, there’s a ransom app, with a few features. You can verify which files were destroyed in the process, some payment info is also displayed, and there’s a special button for those who cannot or will not pay. It’s called “Destroy PC” and it literally does exactly that. Once pressed (for whatever reason), a Blue Screen Of Death is forced upon the system. Then, once it restarts, instead of the operating system, a sinister text will be displayed, saying that the PC is “terminated”. This is actually true because the MBR is replaced. There’s no way around this step anyway, once the countdown comes to an end, the same thing happens.

The ransom is substantial too, 0.1 bitcoin translates roughly into approx. $750, and you pay for nothing, as there’s nothing to decrypt.

There is, however, something you can do. With Ranstop installed and enabled, very few files are attacked. These are all successfully recovered of course, but because the ransomware tries to alter critical system functions at the same time it destroys user files, it barely touches a few of them before it is terminated and quarantined by Ranstop.

RedEye ransomware test results

TEMASOFT Ranstop detects RedEye ransomware easily once it starts encrypting files. Upon detection, the user is alerted, and the ransomware process is stopped and quarantined. The affected files are automatically recovered so that the user doesn’t lose her important documents.

RedEye is one of the most terrifying ransomware of this year, and hopefully, you will only get to know its destructive force by watching the video below. Install Ranstop on all your systems to make sure you will not lose any data even in the worst case scenario, where RedEye does attack your systems and network.


Click here to watch TEMASOFT Ranstop blocking RedEye ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.


1 reply

Comments are closed.