Rever Ransomware
A hurtful threat designed to lock the data of its victims, the Rever Ransomware can leave its victims with few available options. Indeed, the threat is capable of encrypting a wide array of different file types, including documents, PDFs, photos, archives, databases and others. The strong cryptographic algorithm used in the encryption process makes restoring the affected files practically impossible without knowing the correct decryption keys.
Like most malware of this type, Rever also marks the files it encrypts by appending a new file extension to their original names. However, instead of using a word that could be easily associated with the presence of the threat, Rever generates a new random 8-character string for each locked file. Victims also will notice the presence of a new text file named '@@@ To Restore Your Files.txt' on the desktop of the breached system. Inside the file is a ransom note with instructions from the ransomware's operators.
Judging by the ransom-demanding message, the Rever Ransomware appears to be specifically targeted at corporate entities. The hackers claim to have encrypted several computers and servers, obtained sensitive data from them, and deleted any existing backups of the encrypted files. If victims take too long to contact the cybercriminals, their data will supposedly be leaked to the media and on the Dark Web. The attackers provide a single communication channel via qTOX chat.
The full text of Rever Ransomware's note is:
'How To Restore Your Files
* What happend?
Your computers and servers are encrypted, backups are deleted from your network and copied.
We use strong encryption algorithms, so you cannot decrypt your data without us.
But you can restore everything by purchasing a special program from us - a universal decoder.
This program will restore your entire network. Follow our instructions below and you will recover all your data.
If you continue to ignore this for a long time, we will start reporting the hack to mainstream media and posting
your data to the dark web.* What guarantees?
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests.
All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems.
We guarantee to decrypt one file for free. Go to the site and contact us.
You have three days to contact us otherwise your personal decoder will be deleted and we won't be able to help you!
And your personal data will be public.* How to contact us?
1) Download for TOX CHAT hxxps://tox.chat/download.html
2) Open chatAdd ID Chat: AB4FEBA9CABBD9E98CBF6745592B0E1C34F91492FD8D02AD802F92C893F49B201E24614B556E
Your personal ID:If we did not answer you, leave the chat enabled, the operator will contact you!
=============!!!!!!!!!!!!!!!!!!!!!!!!!=============
DO NOT TRY TO RECOVER FILES YOURSELF!
DO NOT MODIFY ENCRYPTED FILES!OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER!'
