The Memento ransomware uses a very different tactic from other ransomware: unlike other groups, which encrypt all files, Memento does not.
The group was unable to encrypt the files because the process was blocked by endpoint protection, a tool used by anti-ransomware software.
Faced with this obstacle, the group found another tactic. Instead of encrypting all the files, the ransomware copies them and transfers them to a private, password-protected folder. The key to the folder is encrypted, and the original files are deleted.
Without the decryption key, it is not possible to access the folders. Besides holding the files “hostage”, the group also removes some files to apply double extortion.
If the victim does not pay the ransom, the decryption key will be permanently deleted and the files that were removed will be leaked on the Dark Web.
In addition to this difference in the way encryption works, the installation of cryptocurrency miners on victims’ servers has been identified in some Memento intrusions.
This shows that Memento ransomware has been developed as malware that can go far beyond encryption and file theft.
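The copy-then-delete behaviour described above leaves a recognisable pattern in file-activity telemetry: one process reads many files, writes to very few output files, then deletes the originals. The sketch below is an added example, not code from the original page; the event format, thresholds, process ids and paths are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events, not real telemetry: (seconds, pid, operation, path).
DOCS = [f"/srv/share/report{i}.docx" for i in range(6)]
SAMPLE_EVENTS = (
    # pid 4120: reads documents, writes one container, deletes the originals
    [(10 + i, 4120, "read", p) for i, p in enumerate(DOCS)]
    + [(10 + i, 4120, "write", "/srv/tmp/bundle.bin") for i in range(6)]
    + [(30 + i, 4120, "delete", p) for i, p in enumerate(DOCS)]
    # pid 2200: backup job, reads the same files but deletes nothing
    + [(100 + i, 2200, "read", p) for i, p in enumerate(DOCS)]
    + [(110, 2200, "write", "/backup/nightly.tar")]
    # pid 3300: cache cleanup, deletes files it never read
    + [(200 + i, 3300, "delete", f"/tmp/cache{i}.tmp") for i in range(8)]
)

def find_copy_then_delete(events, min_files=5, max_outputs=2, window=300):
    """Flag processes that read and then deleted many files while writing few outputs."""
    per_pid = defaultdict(lambda: {"read": {}, "deleted": {}, "written": set()})
    for ts, pid, op, path in sorted(events):
        state = per_pid[pid]
        if op == "read":
            state["read"].setdefault(path, ts)   # remember first read time
        elif op == "write":
            state["written"].add(path)
        elif op == "delete" and path in state["read"]:
            state["deleted"][path] = ts          # only deletes of files it read
    alerts = []
    for pid, state in per_pid.items():
        # Originals: files read and deleted that are not the process's own outputs.
        originals = {p: t for p, t in state["deleted"].items()
                     if p not in state["written"]}
        if len(originals) < min_files:
            continue
        if not 1 <= len(state["written"]) <= max_outputs:
            continue
        span = max(originals.values()) - min(state["read"][p] for p in originals)
        if span <= window:
            alerts.append({"pid": pid, "deleted": sorted(originals),
                           "outputs": sorted(state["written"])})
    return alerts

if __name__ == "__main__":
    for alert in find_copy_then_delete(SAMPLE_EVENTS):
        print(alert["pid"], len(alert["deleted"]), "originals ->", alert["outputs"])
```

The thresholds need tuning against legitimate archiving and migration jobs, which can show the same pattern.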
Recovering Files Encrypted by Memento Ransomware
For over 20 years Digital Recovery has worked tirelessly on developing technologies capable of recovering data. All these years of experience enabled us to develop Trace, a technology capable of recovering files encrypted by ransomware.
Our processes are customized to meet the real needs of each client, and during the entire process the client is accompanied by one of our specialists.
We can recover data from virtually any storage device, such as HDDs, SSDs, Databases, Servers, Virtual Machines, Storages, RAID systems, and others.
All processes are carried out in a totally secure environment. With our services, our clients save more than 100 million dollars by not paying the ransom.
We are at your company’s disposal to recover all files that were lost or encrypted by the Memento ransomware.