Exorcist Ransomware

Exorcist ransomware has appeared on Russian dark web forums looking for affiliates willing to carry out attacks with its malware, the group offers 70% of the ransom to its affiliates.

This tactic is called RaaS (Ransomware as a Service), which is the outsourcing of attacks, is used to expand the group’s influence. Affiliates have a certain amount of freedom to carry out attacks, one of the few restrictions being attacks on countries that are members of the former Soviet Union.

Several ransomware groups treat these countries with a certain fear, the best explanation is that these groups control their attacks from these countries and do not want the attention of the authorities, so they target their attacks on Western countries mainly.

Exorcist uses AES 256 + RSA 4096 encryption, this combination of algorithms increases the reliability of the encryption, making it virtually impossible to break without the decryption key that the group keeps on a remote server.

All files affected by ransomware are given an extension with a sequence of random characters, this extension is the same for all files, and the ransom note also carries the random characters in its name.

On the ransom note are all the necessary information for the victim to contact the criminals and pay the ransom, even though the group gives no guarantee  that they will actually release the decryption key after payment.

Recover files encrypted by Exorcist ransomware

Digital Recovery specializes in the recovery of data encrypted by ransomware, without the need for the decryption key.

We have more than 23 years of experience in the data recovery market.

We act in the most complex scenarios of data loss by ransomware attacks, acting with high precision and agility.

We do not negotiate with hackers, we keep all the information about the process confidential, we guarantee this through the confidentiality agreement (NDA).

We develop technologies that can be applied remotely, our solutions can be executed in companies around the world.

Contact us and start data recovery now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.