Berost Ransomware

The STOP Ransomware project has been very active recently, and cybersecurity experts have had to analyze a long list of file-lockers based on the STOP’s source code. One of the latest entries to the STOP Ransomware family tree is the Berost Ransomware – a file-encryption Trojan that targets documents, images, archives, spreadsheets, databases, videos, audio and other file types. Whenever the Berost Ransomware locks a file, it will add the ‘.berost’ extension to its name.

Victims of the Berost Ransomware may be in a very unfortunate situation because there is no known free way to decrypt the files locked by this ransomware – some 3rd-party data recovery utilities might be able to help with the recovery of the files, but these methods lead to a full recovery rarely. The only guaranteed way to get your files back is to restore them from a backup – if you do not own a backup copy of your files, then there is a chance that some of your files have been damaged irreversibly.

The ransom note file that the Berost Ransomware uses is titled ‘_readme.txt,’ and it is placed on the desktop after the attack. It reveals that the attackers want to receive a ransom payment in exchange for their decryption services, and they urge their victims to contact them by messaging gorentos@bitmessage.ch or vengisto@firemail.cc. Unfortunately, messaging the attackers and cooperating with them is not likely to end well for you – even if you send them the money they ask for, there is no guarantee that they will not opt to trick you and take your money.

The advice to users affected by the Berost Ransomware’s attack is to use an ant-virus scanner to get rid of the threatening program immediately. After the Berost Ransomware is eliminated, they can try the data recovery options we mentioned earlier.