Threat Database Ransomware Revolution Ransomware

Revolution Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: September 13, 2017
Last Seen: November 5, 2021
OS(es) Affected: Windows

The Revolution Ransomware is an encryption ransomware Trojan. Ransomware Trojans like the Revolution Ransomware are designed to encrypt the victims' files, rendering them useless effectively. Then, the people responsible for the Revolution Ransomware attack demand the payment of a ransom in exchange for the decryption key or software. Malware researchers advise PC users to take steps to safeguard their data preemptively, since the files encrypted by threats like the Revolution Ransomware may not be recoverable.

A Revolution of Files that Occurs Every Day

The Revolution Ransomware encrypts the victim's files using a strong encryption algorithm and then demands the payment of a ransom in Bitcoins to supposedly provide the decryption key. The Revolution Ransomware encrypts the files in a way that they can be recognized easily because the Revolution Ransomware will add the file extension '.revolution' to each affected file. Once the Revolution Ransomware attack encrypts a file, it will no longer be recoverable. The Revolution Ransomware does not seem to be limited geographically, and it uses a ransom note in English. The Revolution Ransomware delivers a text file named 'InfoFiles.txt,' which is dropped on the infected computer's desktop after infecting the victim's files. This ransom note contains the message:

'All your important files were encrypted on this PC.
All files with .revolution extension are encrypted.
Encryption was produced using unique private key RSA-1024 generated for this computer.
To decrypt your files, you need to obtain private key + decrypt software.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet.
To retrieve the private key, you need to contact us by email send us an email your InfoFiles.txt file and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-2 not very big encrypted files and we will send you back it in a decrypted form free.
To send files you can use xxxx://
Do not waste your time! After 72 hours the main server will double your price!
Your personal id:
E-mail address to contact us:
Reserve email address to contact us:

PC security researchers strongly advise computer users to refrain from following the instructions contained in the Revolution Ransomware's ransom note.

How the Revolution Ransomware may Spread

The Revolution Ransomware can be distributed to victims in several ways, which include the following:

  1. One common way of distributing the Revolution Ransomware is through unprotected RDP connections (Remote Desktop Protocol). Con artists will search for unprotected access points to online computers or servers, taking advantage of poor passwords and security to install the Revolution Ransomware on the targeted computer.
  2. The most common way in which threats like the Revolution Ransomware spread is through spam email messages. These may include corrupted file attachments that when downloaded install the Revolution Ransomware. They also may use corrupted embedded links that download a file containing the Revolution Ransomware. The Revolution Ransomware will be downloaded and installed by these spam email messages, which may use social engineering techniques to trick computer users.
  3. Multiple other methods can be used to deliver the Revolution Ransomware, including fake downloads, unsafe advertisements, websites compromised by exploit kits and numerous others.

Once the Revolution Ransomware has been installed, it will encrypt the victim's files, targeting a wide variety of files, which include music, video, photos, text documents, PDFs, eBooks, configuration files, spreadsheets, databases, and numerous other file types that are user-generated. The Revolution Ransomware will avoid corrupting the files that are necessary for the Windows OS to function (allowing it still displaying its ransom note on the infected computer.)

A Revolution Ransomware infection should be prevented energetically. The leading protection against these threats is to have file backups in an outside storage. This allows a quick recovery of the corrupted files without having to go through the Revolution Ransomware's creators.


Most Viewed