IceFire Ransomware

The IceFire ransomware emerged in the first half of March 2022, the group has applied the tactic of double extortion, which consists of locking the system by encryption and stealing sensitive files with the intent to disclose them if the company does not pay the ransom.

IceFire uses the AES+RSA encryption algorithm, this is an extremely powerful encryption, it generates a unique decryption key, decryption is only done with this key which is kept by the group on a remote private server.

The group charges a high ransom for the release of the decryption key, but not only for this, this price is also charged so that no company files are released.

The group has concentrated its attacks on English-speaking users, and there have been numerous reported attacks around the world by the group.

It is not known for sure what is the main way the group uses to break into a victim’s system, but it is most likely through spam and phishing email campaigns.

After IceFire has broken into the system it copies the files and uploads them to its servers and encrypts the original files. All files affected and by the ransomware are given the extension .iFire.

A file is left with named “iFire-readme.txt” in it are the ransomware terms for the decryption key and a link to the group’s website in the TOR browser. After contact, the group sets the ransom amount that must be paid in cryptocurrency, the currency used by the group is Monero.

Even with the payment, the groups give no guarantee that the decryption key will actually be delivered or that the stolen data will not be released. So think very carefully before negotiating with hackers.

Recover Files Encrypted by IceFire Ransomware

Digital Recovery specializes in the recovery of data encrypted by ransomware, operating in the data recovery market for over 23 years.

We have developed unique technologies that enable us to recover files encrypted on HD, SSD, Database, Storages (NAS, DAS, SAN), RAID Systems, Servers, Virtual Machines and others.

We have the ability to recover files from any company in the world, through remote recovery.

We have the ability to recover files from any company in the world, through remote recovery.

We can perform advanced diagnostics and thus project how long the process will take and what the chances of data recovery are.

Contact us and start recovery now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that

Recuperar Ransomware Makop

Makop Ransomware

Makop ransomware has been expanding through its affiliate program, RaaS (Ransomware as a Service), a tactic that aims to seek partners to carry out attacks


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.