Scroll Top

RedEnergy: A sophisticated Stealer-as-a-Ransomware targeting energy and telecom sectors


LinkedIn pages used as a gateway for RedEnergy’s sophisticated attacks – A new and sophisticated stealer-as-a-ransomware threat known as RedEnergy has recently been discovered, targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines. Researchers from Zscaler have identified RedEnergy as a multifaceted malware that combines data theft with encryption, aiming to cause maximum damage to its victims.

The RedEnergy malware possesses the capability to extract sensitive data from various browsers, enabling the exfiltration of valuable information while simultaneously executing ransomware activities. In a recent analysis, Zscaler researchers Shatak Jain and Gurkirat Singh explained that the cybercriminals behind RedEnergy have integrated different modules into the malware to carry out its malicious operations.

The initial stage of the attack involves a FakeUpdates campaign, also known as SocGholish, which tricks unsuspecting users into downloading JavaScript-based malware disguised as web browser updates. What sets RedEnergy apart is its utilization of reputable LinkedIn pages to target victims. By redirecting users who click on website URLs to a fraudulent landing page, the attackers prompt victims to update their web browsers by clicking on the corresponding icon (Google Chrome, Microsoft Edge, Mozilla Firefox, or Opera). Unfortunately, this action leads to the inadvertent download of a malicious executable.

Once the breach is successful, the malicious binary establishes persistence, conducts the actual browser update, and deploys a stealthy stealer that harvests sensitive information covertly. The stolen files are then encrypted, placing the victims at risk of data loss, exposure, or potential data sale. Zscaler researchers also noted suspicious interactions occurring over a File Transfer Protocol (FTP) connection, suggesting that valuable data may be exfiltrated to infrastructure controlled by the threat actors.

In the final stage of the attack, RedEnergy’s ransomware component encrypts the user’s data, appending the “.FACKOFF!” extension to each encrypted file. To further hinder recovery, existing backups are deleted, and a ransom note is placed in every affected folder. Victims are coerced into paying a ransom of 0.005 BTC (approximately $151) to a specified cryptocurrency wallet in order to regain access to their files. The integration of data theft and ransomware functionalities in RedEnergy marks an alarming evolution in the cybercrime landscape.

This development follows the emergence of a new threat category known as RAT-as-a-ransomware, where remote access trojans (RATs) such as Venom RAT and Anarchy Panel RAT have been equipped with ransomware modules. These modules encrypt files with various extensions, effectively holding them hostage.

Zscaler researchers emphasized the importance of exercising caution while accessing websites, particularly those linked from LinkedIn profiles. They urged individuals and organizations to remain vigilant when verifying the authenticity of browser updates and to exercise caution when confronted with unexpected file downloads. Vigilance in these areas is paramount to protect against such malicious campaigns.

As the RedEnergy threat continues to evolve and target critical sectors, it is crucial for organizations to implement robust security measures and educate their employees about the latest threats in order to mitigate the risk of falling victim to cyber attacks.

However, cybersecurity experts have been tirelessly working to find a solution, and their efforts have paid off.

The comprehensive guide provided at outlines effective countermeasures against RedEnergy’s malicious activities. It offers detailed insights into the inner workings of the malware and provides actionable steps to neutralize its impact.

By following the instructions in this guide, victims of RedEnergy can implement the necessary security measures to regain control of their systems and protect their sensitive data. Additionally, the guide assists in recovering encrypted files, allowing organizations to resume their operations with minimal disruption.

It is crucial for affected individuals and organizations to act swiftly and proactively in response to the RedEnergy threat. By utilizing the resources available at, victims can significantly reduce the potential damage caused by this sophisticated stealer-as-a-ransomware threat.

Remember, time is of the essence when dealing with such cyber threats. Visit today and take the necessary steps to safeguard your systems and recover from the RedEnergy attack. Stay informed, stay protected, and reclaim control of your digital assets.

About is a leading platform providing comprehensive news and analysis on cybersecurity threats, emerging trends, and best practices in the digital realm. With a team of dedicated experts, aims to keep businesses and individuals informed about the ever-changing cybersecurity landscape to ensure a safer online environment for all.

Related Posts

Leave a comment

You must be logged in to post a comment.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.