EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
|Threat Level:||100 % (High)|
|First Seen:||September 13, 2017|
|Last Seen:||November 5, 2021|
The Revolution Ransomware is an encryption ransomware Trojan. Ransomware Trojans like the Revolution Ransomware are designed to encrypt the victims' files, rendering them useless effectively. Then, the people responsible for the Revolution Ransomware attack demand the payment of a ransom in exchange for the decryption key or software. Malware researchers advise PC users to take steps to safeguard their data preemptively, since the files encrypted by threats like the Revolution Ransomware may not be recoverable.
A Revolution of Files that Occurs Every Day
The Revolution Ransomware encrypts the victim's files using a strong encryption algorithm and then demands the payment of a ransom in Bitcoins to supposedly provide the decryption key. The Revolution Ransomware encrypts the files in a way that they can be recognized easily because the Revolution Ransomware will add the file extension '.revolution' to each affected file. Once the Revolution Ransomware attack encrypts a file, it will no longer be recoverable. The Revolution Ransomware does not seem to be limited geographically, and it uses a ransom note in English. The Revolution Ransomware delivers a text file named 'InfoFiles.txt,' which is dropped on the infected computer's desktop after infecting the victim's files. This ransom note contains the message:
'All your important files were encrypted on this PC.
All files with .revolution extension are encrypted.
Encryption was produced using unique private key RSA-1024 generated for this computer.
To decrypt your files, you need to obtain private key + decrypt software.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet.
To retrieve the private key, you need to contact us by email firstname.lastname@example.org send us an email your InfoFiles.txt file and wait for further instructions.
For you to be sure, that we can decrypt your files - you can send us a 1-2 not very big encrypted files and we will send you back it in a decrypted form free.
To send files you can use xxxx://dropmefiles.com/
Do not waste your time! After 72 hours the main server will double your price!
Your personal id:
E-mail address to contact us:
Reserve email address to contact us:
PC security researchers strongly advise computer users to refrain from following the instructions contained in the Revolution Ransomware's ransom note.
How the Revolution Ransomware may Spread
The Revolution Ransomware can be distributed to victims in several ways, which include the following:
- One common way of distributing the Revolution Ransomware is through unprotected RDP connections (Remote Desktop Protocol). Con artists will search for unprotected access points to online computers or servers, taking advantage of poor passwords and security to install the Revolution Ransomware on the targeted computer.
- The most common way in which threats like the Revolution Ransomware spread is through spam email messages. These may include corrupted file attachments that when downloaded install the Revolution Ransomware. They also may use corrupted embedded links that download a file containing the Revolution Ransomware. The Revolution Ransomware will be downloaded and installed by these spam email messages, which may use social engineering techniques to trick computer users.
- Multiple other methods can be used to deliver the Revolution Ransomware, including fake downloads, unsafe advertisements, websites compromised by exploit kits and numerous others.
Once the Revolution Ransomware has been installed, it will encrypt the victim's files, targeting a wide variety of files, which include music, video, photos, text documents, PDFs, eBooks, configuration files, spreadsheets, databases, and numerous other file types that are user-generated. The Revolution Ransomware will avoid corrupting the files that are necessary for the Windows OS to function (allowing it still displaying its ransom note on the infected computer.)
A Revolution Ransomware infection should be prevented energetically. The leading protection against these threats is to have file backups in an outside storage. This allows a quick recovery of the corrupted files without having to go through the Revolution Ransomware's creators.