Lilith Ransomware

Lilith ransomware was discovered in June and has been carrying out attacks on businesses using double extortion.

When the ransomware is executed the encryption code begins infecting files, adding the “.lilith” extension, and data is stolen and locked. Lilith targets machines using 64-bit versions of Windows.

A file with the ransom note is left by the group on the victim’s desktop. The attachment contains a link to the TOR network where negotiation via TOX can be carried out. The hackers give a 3-day deadline for the payment to be made. If the deadline expires, the victim runs the risk of having their data publicly exposed.

It is worth noting that there is no guarantee of getting the data back through negotiation, according to CISA (Cybersecurity and Infrastructure Security Agency), 80% of companies that resort to ransomware tend to be attacked again.

Like other groups, Lilith has a website that exposes encrypted companies. Recently a large construction network based in South America fell victim to the ransomware.

With each passing day, new hackers emerge to develop malicious software that infects systems. Due to this, companies in the field of data recovery work to bring the solution for lost data.

Recover files encrypted by Lilith ransomware

Suffering ransomware attacks is a huge loss for companies that can lead to days of delays in their productions. With this in mind, Digital Recovery has specialised in the area of recovery of files encrypted by ransomware.

We can say that in most cases it is possible to recover ransomware without negotiating with hackers. For this we have a team of engineers specialized in the area, we are willing to solve your problems quickly and efficiently.

Our services offer benefits to those who hire them, we can perform the recovery completely remote, reducing the time for the delivery of results. In extreme cases, we have our emergency mode where our team works 24×7 to recover the files.

And for the avoidance of doubt regarding our methods, we operate fully compliant with the General Data Protection Regulation (GDPR).

As a company, we know how valuable our data is, and to prevent it from being exposed, we offer each client a confidentiality agreement (NDA – Non-Disclosure Agreement). This guarantees the confidentiality of each procedure.

If you have suffered a ransomware attack, request a diagnosis now and talk to our experts.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Descriptografar ransomware em servidores

Decrypt Server

Ransomware attacks on servers have become a growing threat, jeopardising the security of critical data and business operations. This article explores the nuances of file


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.