The Spook ransomware is a derivative of the Prometheus ransomware, which in turn is a derivative of the Thanos ransomware. This is a good example of how some ransomware groups act.
Constant attacks can bring unwanted attention from authorities to the group. When this happens, the group’s activities are shut down and, after some time, the same tactics are used again by another newly created group.
It is possible that the group sells the ransomware to another group, which changes the name and continues the attacks. This field is still very nebulous: there are only deductions about how groups act after closing down their activities. Still, it is strange that three ransomware families, in sequence, follow the same process and are based on the same program.
Of these three ransomware families, the one that is active today is Spook, which first appeared in September 2021. The group has a website, not only for leaking files but also for exposing companies, which will have their names on the site's list of victims even if they pay the ransom. The group flaunts its attacks as trophies to show its strength.
Like its predecessor, after breaking into the system the ransomware shuts down any program that could prevent the full encryption of the files. The interesting thing is that even if the device is disconnected from the internet the encryption continues normally, without any kind of interruption.
The group’s attacks are directed at corporate targets, which are the most lucrative for cybercriminals, although this does not prevent individuals from being attacked as well.
Digital Recovery specialises in recovering files that have been partially or fully encrypted by Spook ransomware. This recovery is possible because we have managed to develop software and hardware capable of reconstructing files directly from the hard drive. The recovery is done without the need for the decryption key.
We can recover almost any storage device: HD, SSD, RAID systems, databases, virtual machines, servers and others.
The recovery is done by highly qualified professionals, who have at their disposal the most sophisticated tools on the market.
Throughout the process the specialist will accompany the client. A feedback flow will be agreed between the two, so that updates are constant and the client is not left in the dark at any time during the process.
We know that having the files blocked for many days can be highly detrimental financially to the company, so we developed the emergency mode of recovery. In this mode our laboratories operate 24x7x365.
All our processes are supported by the General Data Protection Regulation and the confidentiality agreement (NDA).
We are at your disposal, contact our experts right now.