
Recry1 Ransomware

By GoldSparrow in Ransomware

The Recry1 Ransomware is a recently detected file-encryption Trojan circulating on the Internet. Like most ransomware threats, the end goal of the attackers is to extort money from you. This is achieved by sneaking their creation onto your system, having it lock your data and then asking for payment in exchange for a tool that is meant to decrypt the locked files. However, the attackers often fail to hold up their end of the bargain.

It is believed that the Recry1 Ransomware is being spread via fraudulent updates, pirated applications and email campaigns with infected attachments. When the Recry1 Ransomware gains access to your PC, it begins scanning it for the file types it targets. Once found, these files are encrypted. The attackers claim they apply the Salsa20/20 encryption algorithm, with a new key generated for each individual victim.

After locking your files, the Recry1 Ransomware appends its extension, '.recry1', to their names. For example, if before the attack you had a document called 'may-taxes.pdf', after the attack it would be called 'may-taxes.pdf.recry1', and you would no longer have access to it.

The Recry1 Ransomware then proceeds to the next step: dropping the ransom note, which is named 'decryption_help.txt'. In the note, the authors of the Recry1 Ransomware offer victims the chance to send them two small encrypted files, which the attackers would unlock for free to prove that they are in possession of the decryption tool. Usually, ransomware authors give out an email address where the victim can get in touch, but in the case of the Recry1 Ransomware, the attackers have requested to be contacted via Telegram instead –

It is never a good idea to contact or attempt to bargain with cybercriminals. They are experienced in tricking people and lack scruples. You will likely be tricked into paying them cash and may not receive anything in return despite their endless promises. A recommended approach would be to download a reputable anti-spyware application and let it wipe your system clean instead.
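
The two file-system traces described above (the appended '.recry1' extension and the 'decryption_help.txt' note) are enough to inventory the damage on a disk. The following Python triage script is an added example, not part of the original article or of any vendor tool; its function names are this example's own, and the directory layout created by `build_sample_tree` is constructed sample data made of empty files.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".recry1"          # extension named in the article
RANSOM_NOTE = "decryption_help.txt"   # ransom note name from the article


def scan_for_recry1(root):
    """Walk root read-only and collect the traces described for Recry1."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lowered == RANSOM_NOTE:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The pre-attack name is whatever precedes the appended suffix;
                # the content itself stays encrypted, so this is inventory only.
                encrypted.append((path, name[: -len(ENCRYPTED_SUFFIX)]))
    per_dir = Counter(os.path.dirname(p) for p, _ in encrypted)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "per_dir": dict(per_dir)}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "Documents": ["may-taxes.pdf.recry1", "notes.txt", "decryption_help.txt"],
        "Pictures": ["beach.JPG.RECRY1", "cat.png"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def demo():
    """Scan the constructed tree and return (original names, notes, folder count)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = scan_for_recry1(root)
        return ([orig for _, orig in report["encrypted"]],
                [os.path.basename(n) for n in report["notes"]],
                len(report["per_dir"]))


if __name__ == "__main__":
    originals, notes, folders = demo()
    print(f"{len(originals)} encrypted file(s) in {folders} folder(s); notes: {notes}")
```

Pointing `scan_for_recry1` at a mounted copy of the affected volume gives the list of pre-attack file names to check against backups; it only reads directory entries and does not modify or decrypt anything.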

