RansomEXX is part of the group that has been most active recently, this group is made up of the Defray 777 and Ransom X ransomware. Together they are responsible for hundreds of attacks around the world.
RansomEXX was developed to attack Windows operating systems, but over time has been updated and can also attack Linux operating systems, although Linux encryption is not as effective as Windows.
After the invasion, the ransomware disables all programs that could identify it or prevent the process of encryption of the files. The encrypted files are left with the extension .EXX.
After all the files are encrypted the ransomware changes the desktop image with one made by the group containing directions on how to pay the ransom and hand over the decryption key.
RansomEXX has made three major attacks in recent years against Texas TxDOT, Konica Minolta and the Brazilian STJ (Superior Court of Justice). The group targets its attacks on state-owned and large private companies.
There are records of an attack made against Tyler Technologies, a software development company for the public sector in the United States, this attack paralysed the company that was forced to pay the ransom to the cybercriminals.
Embraer, one of the largest aircraft manufacturers in the world, owes part of its files posted on the group’s website.
All of this shows how the group controlling ransomEXX has grown and has shown itself with one of the largest ransomware groups in the world. The attacks made show the power they possess.
Digital Recovery specializes in recovering files encrypted by ransomEXX. This is only possible because we have developed a technology capable of reconstructing the encrypted data. This recovery is done without the need for the decryption key.
With more than 20 years of experience we have acquired the necessary expertise to recover any device that has been affected, which can be: Virtual Machines, RAID Systems, Database, Storages and others.
We have the ability to recover files remotely in a totally safe environment. This recovery can be done from anywhere in the world.
Throughout the process the customer is accompanied by a specialist who can help with any questions about the processes adopted.
Besides all our processes being in accordance with the European General Data Protection Regulation (GDPR) we count on the confidentiality agreement (NDA).
All recovered data is confidential and all information about the process will not be disclosed.
Count on Digital Recovery’s experience to recover your encrypted files.