Ransomware Research
Rea Ransomware
Rea is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2023, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family: Rea
- First Seen: April 1, 2023
How Rea Ransomware Works
Targeted Files
Full extension -> .id-C63F241F.[aerossh@nerdmail.co].rea
File Encryption Patterns
Rea modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
.rea
Ransom Note and Payment Demands
After encrypting files, Rea displays ransom notes demanding payment for file recovery:
info.txt
- Ransom message: notes/info.txt
- Note locations: RootDiscs, Desktop
Info.hta
- Ransom message: notes/Info.hta
- Note locations: StartUp
Technical Indicators
Associated Executable Files
The following executable files are associated with Rea ransomware:
executable.exe
winhost.exe_virus
About This Analysis
This Rea ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Rea.
Last updated: July 30, 2025