Spook Ransomware

The Spook ransomware is a derivative of the Prometheus ransomware, which in turn is a derivative of the Thanos ransomware. This is a good example of how some ransomware groups act.

Constant attacks can bring unwanted attention from authorities to the group. When this happens, the group's activities are shut down and, after some time, the same tactics reappear in the hands of a newly created group.

It is possible that the group sells the ransomware to another group, which changes the name and continues the attacks. This area is still very nebulous, and there are only deductions about how groups act after their activities are shut down. Still, it is strange that three ransomware families, in sequence, follow the same process and are based on the same program.

Of these three, the one active today is the Spook ransomware, which first appeared in September 2021. The group runs a website used not only to leak files but also to expose the victim companies: even those that pay the ransom keep their name on the site's list of victims. The group flaunts its attacks as trophies to show its strength.

Like its predecessor, after breaking into the system the ransomware shuts down any program that could prevent the full encryption of the files. The interesting thing is that even if the device is disconnected from the internet the encryption continues normally, without any kind of interruption.

The group's attacks are directed at corporate targets, which are the most lucrative for cybercriminals. This does not prevent individuals from being attacked as well.

Recover Files Encrypted by Spook Ransomware

Digital Recovery specialises in recovering files that have been partially or fully encrypted by Spook ransomware. This recovery is possible because we have developed software and hardware capable of reconstructing files directly from the hard drive, without the need for the decryption key.

We can recover data from almost any storage device: HD, SSD, RAID systems, databases, virtual machines, servers and others.

The recovery is done by highly qualified professionals, who have at their disposal the most sophisticated tools on the market.

The specialist accompanies the client throughout the process. The two agree on a feedback schedule so that updates are constant and the client is never left in the dark.

We know that having files blocked for many days can be highly detrimental financially to a company, so we developed an emergency recovery mode in which our laboratories operate 24x7x365.

All our processes are supported by the General Data Protection Regulation (GDPR) and a confidentiality agreement (NDA).

We are at your disposal. Contact our experts right now.

