Ransom Cartel

The Ransom Cartel has emerged with similarities to the REvil Sodinokibi ransomware, there are certain technical similarities between them, however, it is unclear whether it is really a copy of REvil or a new ransomware that is simply similar.

The files encrypted by Ransom Cartel feature the extension change, ‘.294l0jaf59.‘ is added. The ransom note closely resembles the note from the renowned Revil Sodinokibi.

The leaders of the REvil group remain with unknown fate, but numerous groups have attempted to take over the legacy left by REvil, which was one of the most lethal groups of recent times. Perhaps the Ransom Cartel is another such group.

To attack its victims, Ransom Cartel uses Phishing campaigns to access the device, and after the invasion it starts encrypting and blocking access from the administrators. After finishing the encryption process a ransom note is left on the desktop.

In the ransom note is left the information for the victim to contact the group and make the payment of the ransom, this contact is made by .TOR and the payment is made in cryptocurrencies.

Recover Files Encrypted by Ransom Cartel

With over 20 years in the market, Digital Recovery has the necessary know-how to recover data encrypted by ransomware. We can recover files stored in Databases, Virtual Machines, Storages, RAID Systems, Servers and others.

We do not negotiate with hackers, we can recover data even without the decryption key, we have exclusive technologies for this.

The confidentiality of information about processes and about our customers is guaranteed by the confidentiality agreement (NDA).

In cases where the affected media cannot be sent to our lab, we make data recovery remotely available; our solutions cover companies worldwide.

We can also perform emergency mode recovery, in which case our labs operate with 24×7 availability.

Contact us and start data recovery now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.