Dark Angels Ransomware

The Dark Angels ransomware has been active since May 2022, all indications are that it belongs to the Babuk ransomware family. As usual ransomware groups improve their malware and release new variants frequently.

The Dark Angel ransomware is not left out of this move either. We have seen that the ransomware called ELF has appropriated a good technical part of the Dark Angel ransomware that has been copied this time.

Unlike the ELF ransomware that targets Linux environments, Dark Angel focuses on attacking companies that have Windows and Windows Server systems. According to recent testimonials from victims, the Dark Angel ransomware attacks have generated a very high level of damage.

Some companies end up suffering serious consequences due to the event. These include loss of revenue, fines linked to the General Data Protection Law, or loss of credibility with regard to their customers and future potential customers.

In most cases, the entry point of ransomware is simply due to a lack of attention from an employee. In fact, 85% of breaches are caused by human error, such as opening a malicious email, for example.

Once the environment is hacked, the Dark Angels ransomware is then executed. Dark Angels is designed to perform a well-defined process that basically boils down to these points:

  • Copy the data to a protected and confidential area from the hackers.
  • Encrypt the files to make them inaccessible.
  • Adding an extension to the original file name.
  • Generate a file corresponding to the ransom note.
  • Exit the environment.

After the data copy and encryption phase, the infected files gain the extension .crypt to the original file name.

Then, before the process is complete, a text file that makes the ransom note craft is generated. The victim will then find a new file called “How_To_Restore_Your_Files.txt” in their environment.

There are indications on how to contact the attackers via a link to the Tor network. In the same file we can read threatening indications of what the victim should not do according to the Dark Angels group. Here are some points mentioned in the ransom note:

  • Do not edit the affected files (e.g. rename, move, copy, etc.)
  • Do not reboot or shut down the infected device.
  • Do not use third-party recovery software or contact the authorities.

An imminent danger is discernible when one sees the growth in the number of attacks in recent months. This increase also reveals that it is not possible to be safe from a ransomware attack. This is why we should no longer think about what my company should do “if” it happens but “when” it happens.

It is important to be in good company when ransomware breaks into your system, plus the criminals don’t want the victim to find any other way to recover the encrypted data than their solution.

Recover files encrypted by Dark Angels ransomware

Today there are secure companies like Digital Recovery that are active in the data recovery market. With an experience of more than 23 years, it was possible to acquire knowledge and a strong know-how to help companies that were victims of ransomware attacks around the world.

Our team was able to develop an effective solution that allows us to recover encrypted data on almost any storage device, such as servers, RAID systems, virtual machines, databases, among others.

We understand how important it is for our customers to act confidentially and professionally. That is why our solution is based on the General Data Protection Regulation (GDPR). In addition, we provide our customers with a confidentiality agreement (NDA).

Today, Digital Recovery is able to work fully remotely, both in the diagnosis and recovery process.

Our multilingual support team is available 24/7 to help you recover your data quickly and effectively.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionised digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery