‘.RECOVERYOURFILES File Extension’ Ransomware

Posted: August 1, 2018

‘.RECOVERYOURFILES File Extension’ Ransomware Description

The '.RECOVERYOURFILES File Extension' Ransomware is a file-locker Trojan that may use encryption or other methods of blocking your opening of documents, images and similar media. Infections also cause the associated files to receive new extensions, as per the Trojan's name and may create Notepad text messages with extortionist decryption instructions. However, other solutions for data retrieval may be available, and modern anti-malware applications should remove the '.RECOVERYOURFILES File Extension' Ransomware securely before its attacks begin.

The 'Important' Information that You might Want to Ignore

Victims are just starting to report attacks by a file-locking Trojan of an unknown origin, which may be a version of Hidden Tear or another, open-source threat with data-encrypting capabilities. The '.RECOVERYOURFILES File Extension' Ransomware is targeting content such as documents, particularly Adobe's PDF format, with an encryption routine that can block the files from opening until the victim pays or uses another recovery method. Malware researchers also are hesitant about ruling out other symptoms, such as changes to the desktop or pop-ups, that the '.RECOVERYOURFILES File Extension' Ransomware also could be implementing.

The '.RECOVERYOURFILES File Extension' Ransomware targets media as specified above with a file-locking routine that it claims as being a traditional, two-layered setup of both AES and RSA algorithms. Whether or not this statement is true, the encryption prevents the file from opening properly, along with the Trojan's providing the extension in its name for identifying what's up for ransom. It also creates so-called 'Important Information' ransoming messages in Notepad's native format, which gives the victim an ID number and an e-mail address for negotiating on paying the ransom for the unlocking solution.

While the '.RECOVERYOURFILES File Extension' Ransomware bears the most resemblance, so far, to freeware Trojans like EDA2 and Hidden Tear, malware experts can't confirm any familial relationships or infection exploits in use within its campaign. The Trojan could be attaching itself to e-mail documents, disguise itself inside of a free, file-sharing network, or benefit from the drive-by-download features of EKs like the Nebula Exploit Kit. Some remote attackers also use brute-force attacks for compromising servers and remotely installing the threats of their choice.

The Recovery Choices that Trojans Like to Hide

The resemblance that the '.RECOVERYOURFILES File Extension' Ransomware bears to past threats may be coincidental, and any users shouldn't assume that any cosmetic symptoms, such as its ransom message, are necessarily good clues of its identity. The non-ransom-based ways of restoring your files that malware researchers are recommending include:


  • Not all file-locking Trojans can erase the default backups that Windows creates automatically. Search in the Windows taskbar for the 'Reset this PC' feature. During the process, you'll be offered to choose between options for resetting the PC with all files retained or removed.
  • Since some Trojans do delete the Windows Shadow Copies and associated backups, malware researchers encourage keeping additional reserves. Detachable devices, such as an extra USB, or Web 'cloud' services are two of the safest options available.
  • Free decryptors are on offer by various PC security organizations for different families of file-locker Trojans, including Hidden Tear, Stupid Ransomware (or FTSCoder), and the Scarab Ransomware. Always create a spare copy before attempting any decryption routine that could backfire and damage the file.

All of these solutions are, however, less preferable than blocking infections with appropriate anti-malware protection. A majority of anti-malware tools should delete the '.RECOVERYOURFILES File Extension' Ransomware as a threat to your PC without needing any assistance, other than being permitted to scan the file when the user downloads it.

The '.RECOVERYOURFILES File Extension' Ransomware's campaign is young, and many of its features and infection routes are unexplored. However, if it's anything like the other file-locking Trojans that malware experts catch, it's only taking advantage of those who invite it into their computers with their poor safety habits.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to ‘.RECOVERYOURFILES File Extension’ Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware ‘.RECOVERYOURFILES File Extension’ Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.