Redants Ransomware Removal Guide

Do you know what Redants Ransomware is?

Has your operating system been infected with Redants Ransomware? If your personal files now have the unfamiliar “.Horas-Bah” extension attached to them, there is a great possibility that this is the threat that has invaded your operating system. If you take into consideration that most ransomware infections nowadays are spread via spam emails, it is quite possible that this threat will be concealed behind one of the misleading spam emails as well. However, you must remember that cyber criminals can exploit various security vulnerabilities and employ all kinds of tricks to drop malware onto your computer. The worst part is that malware distributors have ways of infiltrating threats without the users’ notice. If you do not notice the malicious launcher right upon its execution, you are unlikely to remove it in time. If you delete Redants Ransomware launcher after it encrypts your personal files, you will not reverse the damage. We have more important information for you regarding this threat, so continue reading.

Redants Ransomware was developed using the Hidden-Tear source code, which is why it is considered to be similar to Payday Ransomware, GhostCrypt Ransomware, Damage Ransomware, and many other threats. These infections are stealthy, and their victims realize that their files were encrypted using the AES cipher only after it is done and the creator delivers a message with more information. Redants Ransomware uses a file called READ_ME.txt to deliver the message. At the time of research, the threat had not been fully developed, and so it is hard to say exactly what kind of message it is meant to deliver, but it is most likely to represent the creator’s email address. If you choose to contact cyber criminals, they then should inform you on how to pay a ransom. Whether the fee demanded in return of a decryption tool or key is small or big (it is more likely to be incredibly big), you should not jump to paying it. Unfortunately, cyber criminals are the ones who are demanding the payment, and who can trust them? After all, if they failed to give you the decryptor after paying the ransom, they could not and would not be held responsible.Redants Ransomware Removal GuideRedants Ransomware screenshot
Scroll down for full removal instructions

Have you backed up any of your personal files before the malicious Redants Ransomware appeared? More and more users choose to keep their personal files online, or they back them up on external drives, which is why we hope that your files are backed up as well. If that is the case, you can remove the threat and then replace the corrupted files with the “.Horas-Bah” extension attached to them with the backup copies. Of course, before you do that, you should do a quick inspection to see which files were corrupted and which ones were not. Also, do not hook up your external drive while the threat is still active because it could also infect backup files. In case you end up losing your files, make sure you set up a backup to ensure that your do not put your personal files in danger in the future.

Have you executed Redants Ransomware yourself by opening a corrupted spam email attachment or executing a bogus installer? If that is the case, do you know where the malicious file is located? If you know this, you need to delete this file right away. If you are not sure about the location of this threat, install an anti-malware tool that will eliminate it automatically. We advise installing this tool if you want to have Redants Ransomware removed along with other active infections.

Delete Redants Ransomware

  1. Locate the malicious [random name].exe file (if you cannot find it yourself, use a malware scanner).
  2. Right-click the file and choose Delete.
  3. Move to the Desktop and Delete the file called READ_ME.txt (the ransom note).
  4. Scan your PC fully to make sure that no other threats are active.

In non-techie terms:

Are you ready to remove Redants Ransomware from your Windows operating system? If the files that this threat has encrypted are very important, and you do not have backups, you might be thinking about paying the ransom first. We have to warn you that paying the fee requested in return of a supposedly existing decryptor is exceptionally risky. Of course, we do not want to advise you against it in case that is your only option at retrieving your personal files. Overall, whatever you choose to do, you must not forget to delete the ransomware. Whether you use the guide above or install reliable anti-malware software, make sure that your PC is completely clean before returning to normal running again.