Recoverydatas Ransomware

Posted: November 10, 2020

The Recoverydatas Ransomware is a file-locking Trojan that's part of the Scarab Ransomware family's Ransomware-as-a-Service. The Recoverydatas Ransomware can block media files with encryption, change their names to random characters, and extort money through text ransom notes. Users with adequate backup precautions can recover from any attacks affordably, and all Windows users should block and remove the Recoverydatas Ransomware with credible anti-malware utilities.

Another Beetle with a Lasting Bite

The Scarab Ransomware family might have another Russian campaign ongoing, although its payload leaves room for speculation. Malware experts can confirm this variant from November as the Recoverydatas Ransomware, with appropriately-customized extensions on its hostage files. Although its generic ransom note asserts that the victim suffers from a 'security problem,' this description is an understatement for a scenario involving the wide-scale blocking of most data.

The Recoverydatas Ransomware's family is a Ransomware-as-a-Service group that, unlike most threats, matches its language to the planned target, with differing variants displaying Russian or English-language warnings. Symptomatically, malware researchers deem the Recoverydatas Ransomware similar to the Restoreserver Ransomware, the Li Ransomware, the Scarab-Barracuda Ransomware, the Scarab-Cybergod Ransomware and others. It blocks documents and other media with a secure encryption routine, uses command-line commands to counter various security features, and deletes the Restore Point backups.

Although users may struggle with identifying specific files, due to the Recoverydatas Ransomware's using a Base64-encoding routine on their names, the extensions will include references to the Recoverydatas Ransomware. The only known means of recovering the files requires the threat actor's help, which an accompanying ransom note explains. Malware experts confirm that the Recoverydatas Ransomware belongs to the English side of the family and that the threat actor uses a Russian e-mail domain, which may be notable for its distribution.
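The renaming pattern described above (a Base64-style name followed by one shared extension) can be used to triage a file listing. The following is an added example, not code from the original article or from any vendor tool. The character set, the thresholds, the `.placeholder_ext` extension and the sample paths are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: Base64-style alphabet minus "/", which cannot appear in a filename.
B64_STEM = re.compile(r"^[A-Za-z0-9+=_-]{16,}$")

def looks_base64(stem):
    """Heuristic: a long stem using only the Base64-style alphabet and
    mixing lowercase, uppercase and digit/symbol characters."""
    if not B64_STEM.match(stem):
        return False
    classes = (r"[a-z]", r"[A-Z]", r"[0-9+=]")
    return all(re.search(p, stem) for p in classes)

def suspicious_extensions(paths, min_files=3, min_ratio=0.8):
    """Group files by final extension and return {ext: flagged_count} for
    extensions where most stems look Base64-encoded."""
    by_ext = defaultdict(list)
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.suffix:
            by_ext[wp.suffix.lower()].append(wp.stem)
    hits = {}
    for ext, stems in by_ext.items():
        flagged = sum(looks_base64(s) for s in stems)
        if len(stems) >= min_files and flagged / len(stems) >= min_ratio:
            hits[ext] = flagged
    return hits

# Constructed sample listing; the extension is a placeholder, not the real one.
SAMPLE = [
    r"C:\Users\a\Documents\aW52b2ljZV8yMDIwXzEx.placeholder_ext",
    r"C:\Users\a\Documents\cXVhcnRlcmx5X3JlcG9ydA==.placeholder_ext",
    r"C:\Users\a\Pictures\ZmFtaWx5X3Bob3RvXzAwMQ==.placeholder_ext",
    r"C:\Users\a\Documents\report_final.docx",
    r"C:\Users\a\Documents\budget.docx",
    r"C:\Users\a\Documents\notes.docx",
    r"C:\Users\a\Pictures\holiday-photo-2020-11-10.jpg",
]

if __name__ == "__main__":
    for ext, count in suspicious_extensions(SAMPLE).items():
        print(f"{ext}: {count} files with Base64-like names")
```

A hit only indicates mass renaming consistent with this family's symptoms; confirm with an anti-malware scan before acting on it.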

Media Recovery without the Steep Price

Windows users at risk from the Recoverydatas Ransomware's campaign should avoid illicit or disreputable download resources, like torrents, which make up a not-insignificant source of file-locker Trojans' attacks. Malware experts also see infection vectors involving fake e-mail attachments, such as Coronavirus updates or invoices, targeting workplace employees in various sectors. Lastly, proper password management is a non-negotiable element in optimal server and network security; without it, attackers may gain system access and install the Trojan themselves.

There aren't any free unlocking solutions for the Scarab Ransomware family, which also goes for new updates like the Recoverydatas Ransomware, just as much as old ones. However, the Restore Points and local backups are traditional targets of deletion or encryption attacks. Most users should place their backups on other devices for safety's sake and recovery without a ransom.

Paying the ransom may or may not provoke any promised help from the threat actor, and Ransomware-as-a-Service operations are often unpredictable on the transaction end. Still, most anti-malware programs for Windows should delete the Recoverydatas Ransomware, which is ineffective at avoiding detection.

The Recoverydatas Ransomware might be after Russian victims or Windows users anywhere else in the world. Ultimately, encryption is a nationality-indiscriminate mechanism and one that can turn anyone's files into hostages, as long as they're careless.
