'.recme File Extension' Ransomware

By GoldSparrow in Ransomware

The '.recme File Extension' Ransomware is an encryption ransomware Trojan that seems to belong to the wave of Scarab Ransomware variants that have been released steadily since April 2018. The '.recme File Extension' Ransomware was first observed on June 21, 2018, and seems to carry out a predictable version of the encryption ransomware tactic. It does not appear to be widely distributed. Victims of '.recme File Extension' Ransomware attacks have reported that the infection initially entered their computers via spam email attachments, which often include embedded macro scripts that download and install this threat onto the victim's computer.

What the '.recme File Extension' Ransomware Does with Your Files

Once the '.recme File Extension' Ransomware has been installed onto the victim's computer, it will use a strong encryption method to make the victim's files inaccessible. The '.recme File Extension' Ransomware will target a wide variety of file types, generally user-generated files, such as files with the following file extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the victim's files have been compromised, the '.recme File Extension' Ransomware will deliver a ransom note. This ransom note is a text file named 'HOW_TO_RECOVER_ENCRYPTED_FILES.TXT', which will appear on the infected computer's desktop. Below is the full text of the '.recme File Extension' Ransomware ransom note:

'Your personal ID
[random characters]
Your files, documents, photo, databases and all the rest aren't
are ciphered by the most reliable enciphering.
All information about clients and their personal data was uploaded.
You must have no illusion that you can get out of this situation without our help.
You have two choices:
1. Unsuccessful try to decrypt files and lose them along with the business.
2. Or write to us and pay for the decryption keys and back clients files and.
We are not going to destroy your business. We show the problem on real example.
ATTENTION! If you do not contact us within two days, the decryption keys will be destroyed and
we will send some of files to your clients with information about your disability. They will pay instead of you or we will put all data on the network.
Don't waste time, the cost directly depends on the time of contact with us.
----------------------------------------------------------
You will be able to restore files so:
contact us by e-mail: recfiles@protonmail.com
* report your ID and we will switch off any removal of files
(if you don't report your ID identifier within 48 hours, decrypt key will be lost)
* you send your ID identifier and 2 files, up to 1 MB in size everyone.
We decipher them, as proof of a possibility of interpretation.
also you receive the instruction where and how many it is necessary to pay.
you pay and confirm payment.
after payment you receive the DECODER program. which you restore ALL YOUR FILES.
----------------------------------------------------------
You have 48 hours on payment.
If you don't manage to pay in 48 hours, then the price of interpretation increases twice.
The price increases twice each 48 hours.
To restore files, without loss, and on the minimum tariff, you have to pay within 48 hours.
Address for detailed instructions e-mail: recfiles@protonmail.com
* If you don't waste time for attempts to decipher, then you will be able to restore allfiles in 1 hour.
* If you try to decipher - you can FOREVER lose your files.
* Decoders of other users are incompatible with your data as at each user unique key of enciphering
If it is impossible to communicate through mail
* Be registered on the website http://bitmsg.me (service online of sending Bitmessage)
* Write the letter to the address BM-2cTgGUjqALdcJp2kEhsgUUnhpFPgkikerB with the indication of your mail and the personal identifier and we will communicate.'

Dealing with the '.recme File Extension' Ransomware

The best way to deal with a '.recme File Extension' Ransomware attack is to have file backups stored in the cloud or on an external storage device. Computer users should use a dependable security program to remove the '.recme File Extension' Ransomware infection itself. After it is removed, the affected files can be replaced with their backup copies.
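
Before restoring from backups, it helps to know which folders were touched. The Python sketch below is an added example, not part of the original article: it searches a directory tree for the ransom note name and contact addresses quoted above, and it assumes from the threat's name that encrypted files carry a `.recme` suffix. The sample tree it builds is constructed data.

```python
import os
import tempfile

# Indicators from the page; the ".recme" suffix is assumed from the threat's name.
NOTE_NAME = "how_to_recover_encrypted_files.txt"
ENCRYPTED_SUFFIX = ".recme"
NOTE_MARKERS = (b"recfiles@protonmail.com", b"bm-2ctggujqaldcjp2kehsguunhpfpgkikerb")

def note_matches(path, limit=64 * 1024):
    """True if the file holds a contact marker (NULs dropped so UTF-16 matches)."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(limit).replace(b"\x00", b"").lower()
    except OSError:
        return False
    return any(marker in data for marker in NOTE_MARKERS)

def triage(root):
    """Walk root; collect confirmed notes, same-name files and renamed files."""
    report = {"notes": [], "lookalike_notes": [], "encrypted": [], "dirs": set()}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                key = "notes" if note_matches(full) else "lookalike_notes"
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                key = "encrypted"
            else:
                continue
            report[key].append(full)
            report["dirs"].add(dirpath)
    return report

def build_sample_tree():
    """Constructed sample data: a fake user profile, not real victim files."""
    root = tempfile.mkdtemp(prefix="recme_demo_")
    samples = {
        "Desktop/HOW_TO_RECOVER_ENCRYPTED_FILES.TXT": "recfiles@protonmail.com".encode("utf-16"),
        "Documents/report.docx.recme": b"\x00" * 16,
        "Documents/notes.txt": b"untouched file",
        "Documents/How_To_Recover_Encrypted_Files.txt": b"unrelated text",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root
```

Point `triage()` at a profile directory or a mounted disk image; `lookalike_notes` separates files that only share the note's name from those that carry the contact addresses, and `dirs` lists the folders to restore from backup.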
