RedEye is a threat that claims to be an encryption ransomware trojan. However, encryption ransomware trojans are designed to encrypt the victims' data to make it inaccessible and ask the victims for payment in exchange for the decryption key. Instead of encrypting the victim's files, however, RedEye is designed to destroy the affected files completely and irreversibly.
Once infiltrated, RedEye supposedly encrypts data using the AES-256 encryption algorithm and appends filenames with the ".RedEye" extension (e.g., "sample.jpg" is renamed to "sample.jpg.RedEye").
The pop-up window contains a message stating that data is encrypted and that victims must pay a ransom of .1 Bitcoin (currently equivalent to ~$770) to restore it. The payment must be submitted within four days following the encryption (there is a countdown timer in the pop-up), otherwise the computer will supposedly be "destroyed". AES-256 is a symmetric encryption algorithm, which uses a single key to encrypt and decrypt data. Each victim receives a unique key, however, since all keys are stored on a remote server controlled by RedEye's developers, users are encouraged to pay a ransom for their release. Unfortunately, files cannot be restored, even if payment is submitted and the key is received.
If a victim decides not to pay and the timer reaches zero, RedEye will modify the computer Master boot record, thereby making it impossible to properly boot the system. It has a option called destroy pc which opens a window saying,"Suicide isn't a solution."
If the user restarts the computer, it changes the background and changes the volume all the way up.
Step 1: Start the computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During the computer's start process, press the F8 key on the keyboard multiple times until the Windows Advanced Option menu is visible, and then select Safe Mode with Networking from the list.
Step 2: Log in to the account infected with the RedEye virus. Start the Internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected.