
Best Recovery Ransomware

By GoldSparrow in Ransomware

The Best Recovery Ransomware is a low-end file-locking threat. Its goal is to encrypt as many files as possible and then extort the victim for money. If the Best Recovery Ransomware infiltrates your computer, it will lock your images, audio files, documents, archives, databases, spreadsheets, presentations, videos and other file types.

Propagation and Encryption

It is not clear which propagation method the authors of the Best Recovery Ransomware use. Many creators of data-encrypting Trojans opt to distribute their threats by using malvertising campaigns, fake emails that contain macro-laced attachments, torrent trackers, bogus pirated copies of popular applications, fraudulent application updates and downloads, etc. Upon compromising the targeted host, the Best Recovery Ransomware locks the data on it using an encryption algorithm. The locked files' names are altered because the Best Recovery Ransomware appends a ‘.best_recovery’ extension to the end of the filenames. For example, a file named ‘ivory-goose.jpeg’ will be renamed to ‘ivory-goose.jpeg.best_recovery’.

What Does Best Recovery Ransomware Do?

The Best Recovery Ransomware infects all versions of Windows, including Windows Vista, Windows 7, Windows 8, and Windows 10. As a crypt-malware, the ransomware encrypts important documents and other files on the computer and demands a ransom for their return. The ransomware stands out for using powerful cryptography to lock off data, including images, videos, PDFs, documents, and more. Files infected by Best Recovery have the “.best_recovery” file extension, making them easy to spot.

Best Recovery also creates a ransom note called “HOW_TO_RECOVER_DATA.html” on the desktop and in infected folders. The ransom note explains the situation to victims and tells them how they can recover their files. The note says that victims must send the attacker a sum of money in order to receive a decryption tool. The exact amount isn’t displayed in the message, but it generally varies between $200 and $1,500. The Best Recovery ransom note also warns users against attempting to decrypt files by themselves, saying that it could lead to permanent data loss.

The Ransom Note

After completing the encryption process, the Best Recovery Ransomware drops a ransom note called ‘HOW_TO_RECOVER_DATA.html’. The creators of the Best Recovery Ransomware offer two email addresses as a means of communication with the victim – ‘’ and ‘’. The user is urged to send one file to the attackers, which they are willing to unlock free of charge. This is a technique that cyber crooks often utilize – it serves to prove to the victims that their data can be recovered. The authors of the Best Recovery Ransomware have not specified the ransom fee they demand, but rest assured that it will be a hefty sum, which is not worth paying.

The ransom text reads like the following:

Your files are encrypted!
What happened?
Your files are encrypted, and currently unavailable.
You can check it: all files on you computer has new expansion.
By the way, everything is possible to recover (restore), but you need to buy a unique decryptor.
Otherwise, you never cant return your data.
For purchasing a decryptor contact us by email:
If you will get no answer within 24 hours contact us by our alternate emails:
What guarantees?
Its just a business. If we do not do our work and liabilities – nobody will not cooperate with us.
To verify the possibility of the recovery of your files we can decrypted 1 file for free.
Attach 1 file to the letter (no more than 10Mb). Indicate your personal ID on the letter:

Attempts of change files by yourself will result in a loose of data.
Our e-mail can be blocked over time. Write now, loss of contact with us will result in a loose of data.
Use any third party software for restoring your data or antivirus solutions will result in a loose of data.
Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data.
If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause just we have the private key.

Should I Pay the Ransom?

There is some truth to the threat that infected files can’t be recovered without the decryption tool. However, experts always advise against dealing with cybercriminals. There have been many cases where victims didn’t get the decryption tool they were promised, losing their money as well as their data. Paying the hackers always presents a risk. Even if the hackers do comply and provide the necessary tools, paying them will encourage them to keep attacking others. It is best to ignore them, remove the virus, and find some other way to restore data.

How to Restore Data After Ransomware Infection

As mentioned before, criminals tend to disappear after receiving the money, leaving victims without their cash as well as their files. There is only one safe way to restore data after a ransomware infection – to use a data backup. If you don’t have an external backup of your data, then you may be able to use file recovery software.
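The following is an added example, not code from the original article: it scans a folder tree for the two indicators described above (the ‘.best_recovery’ extension and the ‘HOW_TO_RECOVER_DATA.html’ note) and checks which locked files have a clean copy in a backup. The function names, the `live`/`backup` folder layout and the sample files are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article above.
ENCRYPTED_SUFFIX = ".best_recovery"
RANSOM_NOTE = "HOW_TO_RECOVER_DATA.html"

def scan(root):
    """Walk root and return (encrypted_files, note_dirs) as relative paths."""
    encrypted, note_dirs = [], []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
            elif name.lower() == RANSOM_NOTE.lower():
                note_dirs.append(os.path.normpath(rel_dir))
    return sorted(encrypted), sorted(note_dirs)

def restore_plan(root, backup_root):
    """Map each locked file to its clean backup copy, or None if the backup lacks it."""
    encrypted, _ = scan(root)
    plan = {}
    for rel in encrypted:
        original = rel[: -len(ENCRYPTED_SUFFIX)]  # strip the appended extension
        candidate = os.path.join(backup_root, original)
        plan[rel] = original if os.path.isfile(candidate) else None
    return plan

def build_sample(base):
    """Constructed sample tree: one affected folder and a partial backup."""
    live, backup = os.path.join(base, "live"), os.path.join(base, "backup")
    for path in ("live/docs/ivory-goose.jpeg.best_recovery",
                 "live/docs/report.docx.best_recovery",
                 "live/docs/HOW_TO_RECOVER_DATA.html",
                 "live/notes.txt",
                 "backup/docs/ivory-goose.jpeg"):
        full = os.path.join(base, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
    return live, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        print(scan(live))
        for enc, src in restore_plan(live, backup).items():
            print(enc, "->", src or "NOT IN BACKUP")
```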

How to Tell if Your Computer is Infected

The Best Recovery ransomware will make some changes to the Windows registry, establishing persistence and ensuring it is started up alongside Windows. It tampers with essential system files to prevent the computer from functioning correctly and can disrupt drivers and apps. Ransomware disables security programs to avoid detection and removal and make it easier for chain infections. It can also infect your system with other viruses in the process. In general, if your computer is running slower and more sluggish than usual, it could be that you have ransomware on your system.

How Is Best Recovery Ransomware Distributed?

Ransomware like Best Recovery has several ways to get onto systems. The most common infection vectors are the tried-and-true methods of email spam, gambling websites, porn websites, and P2P networks. Stay vigilant when browsing the internet to avoid ransomware. Be sure to clear emails out of your spam folder and double-check the sender and content of an email before interacting with it. Grammatical errors are a common sign that the email comes from an untrustworthy source.

It’s also worth avoiding third-party download sites. These websites lack the security of first-party sites and are breeding grounds for viruses. You go to the site to download software or an update and end up with a virus instead. It helps to have robust antivirus and anti-malware protection on your computer too. These will be your first – and best – lines of defense against infection.

If your data has been encrypted by the Best Recovery Ransomware, it is best to ignore the demands of the attackers as there is no guarantee that they will provide you with the decryption key promised, even if you pay up. Instead, consider investing in a genuine antivirus application that will help you remove the Best Recovery Ransomware from your computer safely.

