Threat actor promoted new version of Redeemer on hacker forums

A threat actor is promoting a new version of "Redeemer", a free-to-use ransomware builder, on hacker forums. This gives unskilled threat actors an easy entry into the world of encryption-backed extortion attacks.

The author states that the new 2.0 release was written entirely in C++. It works on Windows Vista, 7, 8, 10, and 11, featuring multi-threaded performance and a medium AV detection rate.

The Redeemer ransomware builder can be downloaded and used by anyone to launch their own attacks. This cannot be done in many Ransomware-as-a-Service (RaaS) operations. When a victim decides to pay the ransom, the threat actor receives 20 percent of the fees. The actor then shares the master key, which is combined with the private build key held by the affiliate for decryption.

Additionally, the new version features a fresh graphical user interface that the affiliate uses to build the ransomware executable and decryption tool. All the instructions on how to use it are enclosed in the ZIP file.

The author also mentioned that the project will go open-source if they lose interest. This is exactly what happened with Redeemer 1.0 in June 2021, when the threat actor publicly released the source code of Redeemer 1.

Projects like Redeemer present a low bar of entry to the ransomware space for many cybercriminals, including low-skilled threat actors.

Lower-tier hackers usually lack the skills to find initial access points on valuable corporate networks. However, they can still cause damage to many vital but inadequately protected entities, such as healthcare organizations and small businesses.

It seems that the chances of adoption of this new ransomware are not very high. However, if the project fails, the promise of releasing the source code creates the chance of new projects emerging based on the Redeemer source code.

 
