Restoreserver Ransomware

Restoreserver Ransomware Description

The Restoreserver Ransomware has been classified as a crypto locker variant belonging to the Scarab family of ransomware threats. As such, it doesn't deviate much from the typical behavior of a Scarab Ransomware threat. The main differences are the extension appended to the encrypted files and email used to contact the hackers.

When the Restoreserver Ransomware manages to infiltrate a computer successfully, it will proceed to lock all of the files on it via a strong encryption algorithm effectively. Users will no longer be able to access any of their personal or work-related files. All encrypted files' names will be changed drastically by being substituted with a random string of characters followed by the '.restoreserver' extension. The ransom note with instructions for the victims is dropped in every folder containing encrypted data as a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT.'

According to the ransom note, the Restoreserver Ransomware is capable of affecting the backups created by the default Windows services. The hackers also threaten to delete the decryption key if 48 hours pass without contact from the victims. The email address they provide is '' Victims of the Restoreserver Ransomware are allowed to attach up to 3 files that do not exceed a total size of 10MB to be decrypted for free.

The full text of the ransom note of Restoreserver Ransowmare is:




We have encrypted your important data on your system.

We would like you to know that you cannot restore your data with familiar data recovery methods.

These methods will only waste your time.

However, if you want to use data recovery companies or programs, please do not use your original files,

process and / or have copies of them.

Corruption of master files can cause irreversible damage to your data.

The originals of your encrypted files have been deleted using random data write technique.

Your backups are deleted by writing data to all backups on your NAS Storage and Disks.

If no return is made within 48 hours, the password used in the system will be deleted and your data will never be restored.

Your disks are encrypted with Full disk encryption and unauthorized interference will result in permanent data loss!

Don't believe the people around you

I have enough references to give you confidence

I don't know you, so it doesn't make sense that I have bad feelings for you,

My goal is just to make this desirable income. After your payment

I will connect to your server to restore your data as soon as possible.

To decrypt your data, you can contact us via the following communication channel.

If you want to reach, do not forget to add the code that is specially produced below.

Free decryption as guarantee!

Before paying you can send us up to 3 files for free decryption.

The total size of files must be less than 10Mb (non archived), and files should not contain

valuable information (databases, backups, large excel sheets, etc.).

How to obtain Bitcoins?

* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click

'Buy bitcoins', and select the seller by payment method and price:


* Also you can find other places to buy Bitcoins and beginners guide here: 



* Do not rename encrypted files.

* Do not try to decrypt your data using third party software, it may cause permanent data loss. 

* Decryption of your files with the help of third parties may cause increased price 

(they add their fee to our) or you can become a victim of a scam. 


with email pls send your ip adres :

Your personal identifier:'

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.