The Rectot Ransomware is a newly uncovered data-encrypting Trojan. Upon further inspection, it was discovered that the Rectot Ransomware belongs to the widespread STOP Ransomware (also known as Djvu Ransomware) family.
The propagation method of the Rectot Ransomware is not confirmed yet. However, it is believed that the attackers may be spreading their creation via spam email, fraudulent software updates and corrupted pirated software.

Once it runs, the Rectot Ransomware performs a scan of the machine to locate the files that this data-locking Trojan will encrypt. The next step is the encryption process itself. The Rectot Ransomware locks all the targeted files and appends an additional extension to them, '.rectot', which means that an image originally named 'dark-chocolate.jpeg' will be renamed to 'dark-chocolate.jpeg.rectot' when the encryption is completed.

Next, the Rectot Ransomware drops a ransom note called '_readme.txt'. The note starts with 'ATTENTION!' and then goes on to say 'Don't worry my friend, you can return all your files!' It is ironic that the attackers have the audacity to address their victim with 'my friend' after they have just locked all the data of the poor soul affected. Then, they inform the users that they are free to send one file, which the attackers will decrypt free of charge. This is done so that the user knows that the attackers are in possession of the decryption key. The ransom sum demanded is $980, but if the victim pays up within 72 hours, the attackers claim that the victim will receive a 50% discount and pay $490 instead. They give out two email addresses through which the user should contact them: email@example.com and firstname.lastname@example.org. The attackers also provide a Telegram account, @datarestore.
It is not a good idea to contact cybercriminals, let alone pay them. This is why we recommend that you stay away from them and instead obtain a reputable anti-malware suite to clean the Rectot Ransomware from your machine.
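The file-renaming and ransom-note behaviour described above leaves two simple on-disk artifacts a responder can sweep for: files carrying the appended '.rectot' extension and '_readme.txt' notes that open with 'ATTENTION!'. The following triage script is an added example written for this page, not code from the original article or from any vendor; the directory layout it builds is constructed sample data, and the file and directory names in it are assumptions.

```python
import os
import tempfile

RECTOT_EXT = ".rectot"       # extension the Rectot Ransomware appends to locked files
RANSOM_NOTE = "_readme.txt"  # ransom note dropped by the STOP/Djvu family
NOTE_MARKER = "ATTENTION!"   # first line of the note, per the description above

def _is_stop_note(path):
    """True if the file opens with the STOP/Djvu marker line."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.readline().strip().startswith(NOTE_MARKER)

def scan_for_rectot(root):
    """Walk `root`; return (encrypted_files, ransom_notes) as sorted relative paths."""
    encrypted, notes = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name.endswith(RECTOT_EXT):
                encrypted.append(rel)
            # a _readme.txt only counts if it carries the marker line (unrelated readmes are skipped)
            elif name == RANSOM_NOTE and _is_stop_note(full):
                notes.append(rel)
    return sorted(encrypted), sorted(notes)

def original_name(encrypted_name):
    """Recover the pre-encryption name: 'dark-chocolate.jpeg.rectot' -> 'dark-chocolate.jpeg'."""
    if not encrypted_name.endswith(RECTOT_EXT):
        raise ValueError(f"{encrypted_name!r} does not end with {RECTOT_EXT}")
    return encrypted_name[: -len(RECTOT_EXT)]

def build_sample_tree():
    """Constructed directory imitating the aftermath described above; returns its path."""
    root = tempfile.mkdtemp(prefix="rectot-sample-")
    os.makedirs(os.path.join(root, "Pictures"))
    files = {
        "Pictures/dark-chocolate.jpeg.rectot": "<ciphertext placeholder>",
        "Pictures/_readme.txt": "ATTENTION!\nDon't worry my friend, you can return all your files!\n",
        "notes.txt": "untouched plaintext",
        "_readme.txt": "readme of an unrelated program\n",  # must NOT be flagged
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    enc, notes = scan_for_rectot(build_sample_tree())
    print("encrypted:", enc, "| notes:", notes)
    print("original names:", [original_name(os.path.basename(p)) for p in enc])
```

Recovering the original name only tells you what the file was called; the contents stay encrypted until a decryption key is available.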