Redmat Ransomware - How to remove

Redmat is a file-encrypting virus which threatens that your files will never be restored unless you pay a sum of hundreds of dollars to the criminals who developed and released Redmat.

Redmat is another member of the very aggressive and persistent STOP/DJVU family of ransomware viruses. New versions keep being released, and Redmat is one of the newer ones. With no end for DJVU in sight, it’s very important to be aware of ransomware, how it works, and how it’s distributed.

How to recognize a Redmat infection?

You know that you’ve been attacked by Redmat when your files no longer open or display and have been renamed by appending .redmat to their old names. Redmat doesn’t just add a suffix to the file names; it completely scrambles the bits that make up the files.

Files including pictures, music, films, documents, and databases are encrypted using genuinely strong encryption that cannot be broken with the technology available today. The targeted files are the ones most likely to matter to people: photos of family and pets, or an important school project. The encryption isn’t a joke, and it’s unfortunate that Redmat’s developers abuse it for criminal gain.

Redmat creates a ransom note (called _readme.txt) whose standard message has hardly changed from the other STOP/DJVU variants: DJVU, Drume, and Kroput.

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we .tl/t-7AKxZTQTdy
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Our Telegram account:
@datarestore

Redmat’s developers provide contacts: two e-mail addresses and a Telegram account: [email protected], [email protected], @datarestore. The extortionists behind Redmat want people to contact them quickly so that they don’t spend time looking for other solutions to get back their files or checking their backups. They even offer a “reduced” price of $490 for those who write quickly. And the criminals’ currency of choice is Bitcoin, transactions of which are designed to be irreversible, so there’s no way to get your money back once you’ve paid.
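As an added triage example that is not part of the original article, this Python script walks a folder tree for the two indicators described above, the .redmat suffix and the _readme.txt note, and recovers each file's original name; the sample tree it builds is constructed for the demonstration and contains no real malware output.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Indicators from the write-up: ".redmat" is appended to the original name
# and a "_readme.txt" note is dropped alongside the encrypted files.
ENCRYPTED_SUFFIX = ".redmat"
NOTE_NAME = "_readme.txt"
# Phrases from the quoted note, used only to confirm a note's identity.
NOTE_MARKERS = ("decrypt tool and unique key", "@datarestore")


def triage(root):
    """Walk `root` and collect Redmat indicators.

    Returns the encrypted files (with the original name recovered by stripping
    the suffix), the ransom notes found, and a per-directory hit count.
    """
    root = Path(root)
    report = {"encrypted": [], "notes": [], "per_dir": defaultdict(int)}
    for dirpath, _dirs, files in os.walk(root):
        d = Path(dirpath)
        for name in files:
            p = d / name
            if name.endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append((str(p), name[:-len(ENCRYPTED_SUFFIX)]))
                report["per_dir"][str(d.relative_to(root))] += 1
            elif name.lower() == NOTE_NAME:
                text = p.read_text(errors="ignore")
                if any(m in text for m in NOTE_MARKERS):
                    report["notes"].append(str(p))
    report["per_dir"] = dict(report["per_dir"])
    return report


def build_sample_tree():
    """Constructed sample only: mimics a hit folder, not real malware output."""
    base = Path(tempfile.mkdtemp(prefix="redmat-demo-"))
    (base / "Pictures").mkdir()
    (base / "Pictures" / "cat.jpg.redmat").write_bytes(b"\x00scrambled")
    (base / "Pictures" / "dog.png.redmat").write_bytes(b"\x00scrambled")
    (base / "Pictures" / NOTE_NAME).write_text(
        "ATTENTION! ... purchase decrypt tool and unique key for you ...")
    (base / "Documents").mkdir()
    (base / "Documents" / "thesis.docx").write_bytes(b"PK intact")  # untouched
    return base


if __name__ == "__main__":
    r = triage(build_sample_tree())
    print(f"{len(r['encrypted'])} encrypted file(s), {len(r['notes'])} note(s)")
```

Point `triage()` at a user profile or a mounted drive to get a quick count of affected folders before deciding which recovery step to try.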


How does Redmat spread?

Generally, ransomware is distributed by targeting specific organizations and businesses and breaking into their RDP (Remote Desktop Protocol) services by brute-forcing passwords. Redmat, however, seems more relevant to individual users who only have their home computers, since the distribution methods its developers have chosen mostly reach people who use their computers for personal purposes.

Redmat can hide in fake installers and updaters. Fake online security warnings try to trick people into installing software they don’t want by impersonating a trusted authority. Sometimes the promoted program is a relatively harmless fake optimizer. Other times it’s a cryptovirus, possibly one that also drops a more serious threat, like a Trojan.

Pirated software and software cracks can carry Redmat, too. This type of distribution is convenient for the criminals because the person who obtains the file is very likely to run it and, if their antivirus program flags it, may simply dismiss the warning.

Redmat can also arrive with malicious spam e-mails. These e-mails sometimes have a file attached; other times they carry a link to a downloadable file. The file has to be run by someone with access to the computer, so the malicious e-mail usually contains text urging the recipient to open it. Such e-mails are generally sent in bulk to a multitude of people and aren’t aimed at anyone in particular. When they are targeted, it’s called spear phishing, and it can be quite convincing.

How to remove Redmat

To remove Redmat and any other malware, scan the infected computer with Spyhunter or another trustworthy antivirus application.

If you are unable to access some websites, check this guide on how to undo the changes that Redmat made.

No free, independent decryptor has been developed for Redmat, but security researcher Michael Gillespie is continually developing a decryption tool called STOPDecrypter, which might decrypt some Redmat-encrypted files.

The most important thing you can do to protect your files is to create a backup. Copy your most important files and store them on multiple storage devices that are not left connected to the machine, or back up the whole machine by creating system images. If you have complete, up-to-date backups, you don’t need to fear a ransomware infection.

How to recover Redmat Ransomware encrypted files and remove the virus

Step 1. Restore the system to the last known good state using System Restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista / XP
  • Start → Shutdown → Restart → OK.
  • Press the F8 key repeatedly until the Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt.

for Windows 8 / 10
  • Press Power at the Windows login screen. Then press and hold the Shift key and click Restart.
  • Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.


2. Restore system files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.
  • Click “Next” in the window that appears.
  • Select one of the Restore Points dated before Redmat Ransomware infiltrated your system and then click “Next”.
  • To start System Restore, click “Yes”.


Step 2. Complete removal of Redmat Ransomware

After restoring your system, scan your computer with an anti-malware program such as Spyhunter and remove all malicious files related to Redmat Ransomware. You can check other tools here.

Step 3. Restore Redmat Ransomware affected files using Shadow Volume Copies

If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files from the point in time when the system restore snapshot was created. Usually Redmat Ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers; sometimes, however, the deletion fails. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy: using native Windows Previous Versions or via Shadow Explorer.

a) Native Windows Previous Versions

Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when each was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to a directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.

b) Shadow Explorer

Shadow Explorer is a program that can be found online for free. You can download either a full or a portable version. Open the program. In the top left corner select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover Redmat Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases, but you can try it:
  • We suggest using another PC and connecting the infected hard drive as a slave. It is still possible to do this on the infected PC, though.
  • Download a data recovery program.
  • Install it and scan for recently deleted files.
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as a precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.