Sunday, June 15, 2025
HomeRansomwareNew RedEye Ransomware Attack Destroy Your Computer If You will Not Pay...

New RedEye Ransomware Attack Destroy Your Computer If You will Not Pay The Ransom

Published on

SIEM as a Service

Follow Us on Google News

Newly Discovered RedEye Ransomware spreading via Twitter and target the victims to encrypt the data and lock the file to demand the ransom amount in Bitcoin.

Also, RedEye Ransomware is capable of destroying the victim’s computer after the warning time to pay the ransom amount.

This New Ransomware variant created by the same author who is behind the Annabelle ransomware that was actively spreading earlier of this year.

- Advertisement - Google News

The name RedEye was named by the ransomware author iCoreX” and this ransomware demands the ransom amount in bitcoin through the Bitcoin wallet ID and the transaction should be made by Onion Payment portal.

RedEye Ransomware threatening the victims through Twitter and it asking to check out a “scary & really nasty” sample.

RedEye Ransomware Attack Vector

Once RedEye compromises the user then it drops a file with the size of 30 MB that contains several media files, specifically images and audio files, embedded in the binary.

A dropped file contains 3  “.wav” files: child.wav, redeye.wav, suicide.wav that play a “creepy” sound and the main intention of the sound to scare the user.

RedEye Ransomware author using few other tricks such as compression and packing to evade the detection.

Once it starts the execution process, initially it will disable task manager and in this iteration, will also hide your drives.

Later it will completely encryption all the victim files using Rijndael-Algorithmus –  AES – 256 Bit encryption algorithm and lock all the disk files.

After the successful completion of the encryption process, it will display the ransom notes with detailed information about what just could be happened in victims computer.

Ransom notes containing complete information about the payment and it demands to pay 0.1 Bitcoin($765 USD) to the given address.

According to the researcher, The ransomware has several options which I won’t be showing here, but in short, it can:
  • Show encrypted files
  • Decrypt files
  • Support
  • Destroy PC
The Destroy PC option shows a GIF as background where you have the option to select “Do it” and “Close”. I won’t display the image however.

All the files RedEye Securely encrypt with AES256 and it appears to overwrite or fill files with 0 bytes, rendering the files useless and add the “.RedEye” Extension in end of all disk files.

It will lock the MBR(Master Boot Record) and destroy the complete system when the user selects  “Do it” Option or the payment time has expired.

The author, iCoreX, claims to have created Jigsaw, Annabelle, and now the RedEye ransomware – whether the former is true or not, I’ll leave in the middle. Researcher said.

Also Read:

Atlanta Police Department Ransomware Incident leads to lost Years Worth of Police Car Dashcam Videos

Police Department Infected Again by Ransomware Attack that Already Locked 1 Year of Work Related Files

New Gandcrab Ransomware Attack Windows Users via Compromised Websites

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM

Cybersecurity professionals and business leaders are on high alert following a confirmed breach of...

Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks

Fog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime:...

Sensata Technologies Faces Disruption Due to Ransomware Attack

Sensata Technologies, Inc., a major technology company based in Attleboro, Massachusetts, has disclosed a...