Recry1 Ransomware

The Recry1 Ransomware is a file-locker that does not appear to belong to any of the ransomware families that have been popular in the past few months. However, this certainly does not mean that this threat should be underestimated – it possesses the ability to encrypt the contents of a large portion of its victim’s files swiftly, and then drop a ransom note whose purpose is to extort them for money – a typical strategy that most ransomware operators employ.

All files that the Recry1 Ransomware locks will have the ‘.recry1’ extension added to their original filename – the file ‘document.xlsx’ would be titled ‘document.xlsx.recry1’ when the Recry1 Ransomware is done with it. After the attack is complete, the threat drops the ransom note ‘decryption_help.txt,’ which explains the situation and provides the victim with an expensive data recovery option.

The authors of the Recry1 Ransomware state that they have used the salsa20/20 encryption to lock the victim’s files, and that they are willing to unlock up to two files free of charge as proof of their credibility. While we advise you to take up on this offer, you should certainly not consider paying money to the attackers – they are likely to want to receive the funds via a cryptocurrency transfer, and this may make it impossible to reverse or track the transaction.

The attackers appear to use the Telegram messaging platform for communication, and their profile is ‘rclsupport.’ This is where you should contact them if you wish to see if they can unlock two of your files for free. After you do this, we suggest that you use the services of a reliable anti-malware scanner to dispose of the Recry1 Ransomware, and then try out alternative data recovery options.