RedAlert

RedAlert ransomware became public on July 5, 2022. It can spread via RDP configuration hacking, malicious emails, or botnets, and it encrypts Windows and Linux VMware ESXi servers. Before locking files, the ransomware shuts down any running virtual machines, using command options in RedAlert's Linux encryptor. It targets the files that correspond to the virtual machines, such as memory files (.vmem), log files (.log), and virtual disks (.vmdk). The ransomware creates a custom ransom note named "HOW_TO_RESTORE", which includes a link to a Tor ransom payment site unique to the victim. Unlike other ransomware, RedAlert exclusively demands payment in Monero cryptocurrency (XMR). The ransomware is called RedAlert because of a string used in the ransom note; in the Linux encryptor version, however, the threat actors internally call their operation N13V.
