Redants Ransomware Removal Guide

We want to inform you about a newly released ransomware-type program called Redants Ransomware. This malicious program is still in development, but it seems that its creators were compelled to release a test version to the public. Its developers distribute it using deceptive methods. If it gets onto your PC, then it will encrypt your personal files but will not ask for a ransom payment because the payment system has not been set up apparently. So, if your PC becomes infected with this ransomware, then there is no way to get your files back. If you want to find out how it works, how it is disseminated and how you can get rid of it, we invite you to read this short article.

While there is no concrete information on how this particular ransomware is currently being distributed, we think that its creators might have resorted to sending this ransomware in emails. The developers must have set up an email server that sends email spam to random email addresses obtained through malicious websites that gather information about their visitors. The emails can appear as legitimate and masquerade as tax return forms, receipts, business correspondence, and so on. If they feature an attached file than the file should be a zipped executable file that might also be disguised as a PDF or Word document. The deceptive emails can trick you into opening the attached file, and Redants Ransomware will infect your PC as a result.

The test file that we tested was named Redants.exe, and it should be placed in the Temp folder if you just open the file archive. However, if you select to extract it, then it should be placed in the Downloads folder. However, this particular version of this ransomware does not create a Point of Execution (PoE), which means that it will not run the next time you start up your computer. Oddly enough, the source code indicates that it tries to connect to a website http://adrut{.}bz/index.php?g0ttrap=, but the reason why it does that is unknown.

Our research has revealed that Redants Ransomware encrypts the targeted file with a unique AES encryption algorithm. This algorithm is very strong and cracking it is a long process which is sometimes even impossible. Obviously, there is no free decryption tool for this particular ransomware. Now, while encrypting your files, it will append them with the ".Horas-Bah" file extension. The list of files this ransomware is capable of encrypting is rather long and, in general, it will target files that are more likely to contain personal and, thus, valuable information. Hence, in addition, the various file formats that it can encrypt, it will also encrypt images, videos, documents, audio files, and so on. So if your PC becomes infected with this ransomware, then you will be in deep trouble. Once the encryption is complete, it will drop a file named READ_ME.txt that has three lines of text that include “Test Ransom,” “123123,” and “my email jaw@jaw.id.” There is no telling whether messaging the cyber criminal will help you get your files back, so we suggest that you delete this program instead.

In conclusion, Redants Ransomware is a dangerous computer infection that can enter your computer by stealth and then encrypt your personal files. Unfortunately, you might not be able to decrypt them because it is a test version, but its distribution channels are limited, so it is a rather rare infection, to begin with. To remove it, all you have to do is delete its main executable from where you launched it, but if you are unable to find it, then we suggest using SpyHunter to detect and remove it for you. These days ransomware is one of the most prevalent malware types out there, so we recommend getting an anti-malware application to protect your PC at all times.

Redants Ransomware Removal

1. Locate Redants.exe (should be located in Downloads folder)
2. Right-click it and click Delete.
3. Delete READ_ME.txt from the desktop.
4. Empty the Recycle Bin.