Ransomware ELF

Uptycs researchers have recently discovered a new ransomware that attacks Linux systems. Its name, ELF ransomware.

Ransomware creators usually target Windows operating systems. But this time, technology lovers’ favorite OpenSource system has been exposed to its vulnerability.

ELF ransomware, in reference to “Executable and Linkable Format” files, is able to encrypt files within the Linux system based on the folder path provided.

Having this information about the folder location, the ELF ransomware then begins encrypting the files present within the folder by adding the .crypted extension to the filename.

Once encrypted, the file becomes inaccessible to the user, and then the last step begins. A file called README_TO_RESTORE is created in the environment containing the necessary information for the victim to establish contact with the attacker.

Incidentally, the content of this file is identical to the README file of the DarkAngels ransomware. This similarity leads researchers to think that the ELF ransomware may be a version of DarkAngels aimed at diversifying the target operating systems.

In May, DarkAngels had been designed to infect Windows environments, and we now know that the ELF ransomware targets Linux environments.

Unfortunately, with the exponential increase in ransomware attacks, it is becoming increasingly complex to escape fatality. That is why it is important to know who to rely on when something like this happens.

Recover files encrypted by ELF ransomware

Fortunately there are qualified companies that are active in the recovery of deleted or encrypted data.

Digital Recovery has been in the data recovery market for over 23 years. Throughout these years, we have gained experience and valuable know-how to be able to help many companies around the world.

We have developed a unique and effective solution to recover files encrypted by ransomware on almost all types of storage devices, such as servers, RAID systems, virtual machines and databases.

At Digital Recovery distance is not a problem. In most cases we can execute our solution remotely and thus help companies all over the world.

Our multilingual support team is available 24/7. Don’t waste time, contact us and get your data back.

Digital Recovery

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Descriptografar ransomware em servidores

Decrypt Server

Ransomware attacks on servers have become a growing threat, compromising the security of critical data and business operations. This article explores the nuances of file


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.