
Rans_recovery Ransomware

The Rans_recovery Ransomware is a file-encrypting Trojan. Unfortunately, once the Rans_recovery Ransomware encrypts the targeted files, they become unrecoverable. This is why it is imperative to keep file backups in the cloud or on an external memory device. Being able to restore the damaged files from a backup is the best protection against a ransomware infection, since it takes the force out of the criminals' threats and ransom demands. An anti-malware application should also be used to remove the Rans_recovery Ransomware infection and to block this and other threats from entering your machine.

The Rans_recovery Ransomware delivers a ransom note that can be found in a file called 'Recovery.txt.' In the ransom note, the cybercriminals do not mention a specific ransom amount. Instead, they ask to be contacted via the email address rans_recovery@aol.com. The note tells victims to contact the attackers to receive instructions on how to make the required payment and to have some files decrypted for free. They usually offer to decrypt unimportant files so the victims can be sure they will get a working decryption tool.

However, contacting cybercriminals is not a safe decision. Even though they can decrypt some files, this does not guarantee that the remaining damaged data will receive the same treatment. The majority of ransomware victims never receive the decryption software promised to them, even after paying the ransom demanded. Reputable anti-malware software can remove the Rans_recovery Ransomware from your machine and keep it safe in the future.

Below you will find the ransom message that the Rans_recovery Ransomware will present to its victims:

'~~~ Hello! Your company has been hacked! ~~~

>>>> Your data are stolen and encrypted

>>>> What guarantees that we will not deceive you?

We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
Life is too short to be sad. Be not sad, money, it is only paper.
If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future.
Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.

>>>> You need to contact us by email rans_recovery@aol.com and decrypt some files for free

>>>> Your personal ID:

-

>>>> Provide your personal ID in the email

>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!

>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!'
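
A triage sweep for the note quoted above, as an added example (not code from this page or from any vendor): it looks for files named Recovery.txt that carry the contact address or the note's phrases and lists them oldest first. Treating the earliest note's modification time as a rough marker of when encryption began on a host is an assumption, and `scan` and `classify_note` are names made up for this example.

```python
import os
import sys
import tempfile
from datetime import datetime, timezone

NOTE_NAME = "recovery.txt"          # note file name reported on this page
CONTACT = b"rans_recovery@aol.com"  # contact address reported on this page
PHRASES = (b"your data are stolen and encrypted", b"your personal id")

def classify_note(raw):
    """'match' = contact address present; 'partial' = only the note's phrases."""
    # Notes may be UTF-16 on Windows; dropping NUL bytes lets ASCII matching work.
    low = raw.replace(b"\x00", b"").lower()
    if CONTACT in low:
        return "match"
    if all(p in low for p in PHRASES):
        return "partial"
    return None  # e.g. a legitimate file that merely shares the name

def scan(root, max_bytes=65536):
    """Return sorted (mtime, verdict, path) for every suspected note under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify_note(fh.read(max_bytes))
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if verdict:
                hits.append((mtime, verdict, path))
    return sorted(hits)  # oldest note first (mtime is approximate evidence only)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        # Constructed sample tree so the script runs without arguments.
        root = tempfile.mkdtemp()
        with open(os.path.join(root, "Recovery.txt"), "w") as fh:
            fh.write(">>>> You need to contact us by email rans_recovery@aol.com\n")
    for mtime, verdict, path in scan(root):
        when = datetime.fromtimestamp(mtime, tz=timezone.utc).isoformat()
        print(f"{when}  {verdict:7}  {path}")
```

Run it against a mounted share or a forensic image path; a "partial" result means the file has the note's wording but not the address and deserves a manual look.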

1 Comment

I was the person who originally uploaded this sample to VirusTotal. Contrary to what the usual clickbait sites say, the ransomware absolutely did NOT come from a website or phishing scam; it was deployed manually by actors who had already infiltrated the network and had planted the ransomware there and then ran it themselves. TL;DR, if you find this sample on your machines, AUDIT YOUR NETWORK IMMEDIATELY.
