Cybersecurity researchers at Netenrich have uncovered a new ransomware group called Red Ransomware Group (Red CryptoApp). This group operates differently from typical ransomware outfits, adding a twist to their extortion tactics.
Unlike most ransomware groups that keep their operations under wraps, Red CryptoApp appears to be taking an aggressive approach. According to Netenrich, the group has established a “wall of shame” where they publish the names of companies they have successfully targeted. This tactic aims to humiliate victims and pressure them into paying the ransom to have their names removed.
Maze Ransomware and Red Ransomware Group
Although the origins of the Red CryptoApp ransomware are as yet unknown, based on the listings on its dark web leak site it is believed that the group started its operation in February 2024.
It is also worth mentioning that researchers have noted some similarities between one of the ransom notes written by the group and those of the Maze ransomware gang in 2020. It could be a coincidence; therefore, it is unclear whether Red Ransomware Group is a spinoff of the Maze gang, which shut down its operation in November 2020.
Netenrich’s blog post offers a technical breakdown of the Red CryptoApp ransomware. While specific details haven’t been widely shared to avoid giving attackers an advantage, the report indicates Red CryptoApp uses file encryption techniques to render a victim’s data inaccessible. If a targeted system is successfully compromised, a .REDCryptoApp extension is added to its files.
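A defender's triage sketch for the extension mentioned above, added here as an example and not taken from Netenrich's report: it walks a directory tree, counts files ending in .REDCryptoApp per directory, and records the earliest and latest modification times of those files. Matching the extension case-insensitively as the final suffix and reading modification times as a rough activity window are assumptions, and `triage` and `report` are hypothetical names.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Extension named on the page; assumed to be the final suffix, matched case-insensitively.
MARKER = ".redcryptoapp"

def triage(root):
    """Summarise files carrying the marker extension, per directory under root."""
    hits = defaultdict(lambda: {"marked": 0, "total": 0, "first": None, "last": None})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            entry = hits[dirpath]
            entry["total"] += 1
            if not name.lower().endswith(MARKER):
                continue
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable: skip it, keep scanning
            entry["marked"] += 1
            entry["first"] = mtime if entry["first"] is None else min(entry["first"], mtime)
            entry["last"] = mtime if entry["last"] is None else max(entry["last"], mtime)
    return {d: e for d, e in hits.items() if e["marked"]}

def report(root):
    """One line per affected directory, ordered by earliest marked-file mtime."""
    lines = []
    for d, e in sorted(triage(root).items(), key=lambda kv: kv[1]["first"]):
        first = datetime.fromtimestamp(e["first"], timezone.utc).isoformat()
        lines.append(f"{d}: {e['marked']}/{e['total']} files marked, earliest mtime {first}")
    return lines

if __name__ == "__main__":
    # Constructed sample tree so the example runs offline; point report() at a real path in use.
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        os.mkdir(share)
        for name, ts in [("q1.xlsx.REDCryptoApp", 1708000000), ("notes.txt", 1707000000)]:
            path = os.path.join(share, name)
            open(path, "w").close()
            os.utime(path, (ts, ts))
        print("\n".join(report(tmp)))
```

Directories where most files are marked and the timestamps cluster tightly are the ones to compare against backup snapshots first.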
Targeted Countries and Industries
A look at the Red CryptoApp ransomware gang’s wall of shame shows the United States as the primary target with five victims in total, followed by various other countries including Denmark, India, Spain, Italy, Singapore, and Canada.
As for industries, the software and manufacturing sectors emerge as the most frequently targeted, with additional focus observed in the education, construction, hospitality, and IT sectors.
Prepare Yourself
The emergence of Red CryptoApp ransomware shows how this threat has evolved over the years. Organizations must be prepared to defend themselves against various attack methods.
Netenrich emphasizes the importance of regular data backups, proper security practices, and user education on phishing attempts, which are a common entry point for ransomware attacks.