RedAlert ransomware or N13V ransomware targets both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The ransomware is named after a string in the ransom text, but the threat actors internally refer to it as N13V, which is the original name of this threat. It uses NTRUEncrypt public-key encryption algorithm to encrypt its victim files. Only other known ransomware operator that uses NTRUEncrypt is FiveHands Ransomware
. It ask ransom payment in Monero (XMR).
RedAlert N13V Ransomware Signatures
RedAlert N13V Ransomware Download