Defray 777 Ransomware

Defray 777 ransomware is perhaps the most destructive ransomware family in recent years. This ransomware family includes extensions such as Ransom X and Ransom XXX. This group has been active since 2017, with constant attacks and a remarkable evolution in its ransomware.

This ransomware was the first recorded ransomware to be able to become hybrid, being able to attack both Windows and Linux operating systems.  

The main means of attack of Defray 777 ransomware is the email phishing campaign, the ransomware is attached in the email in microsoft word documents, which once downloaded, immediately installs the ransomware on the system, the ransomware’s first measure is to disable commands that could be a risk to it.

The ransomware hides itself in the memory and starts the encryption process, only after the encryption of all files the ransomware locks the computer presenting the ransom message to the victim.

The attacks are mainly directed at companies operating in the health area, but are not restricted to them only. Recently, it attacked Lojas Renner, which paralysed the company’s entire E-commerce operation.

Rumour has it that the ransom demanded by the group was around 1 billion reais, but it is not known for sure what the outcome of the attack was.

Perhaps this is the group that has updated the most over time, they are as active as they were in their first attacks.

Recover files encrypted by Defray 777 ransomware

Recovering ransomware is one of the biggest challenges for companies operating in this market, the technologies for this type of recovery were, until 2 years ago, non-existent, if there was not an updated backup of the files the payment was almost certain. The groups that develop ransomware took advantage of this to leverage their attacks and, even today, they still use this advantage.

But, there is a difference, today there are companies that can recover files encrypted by ransomware, and among them, is Digital Recovery, which has managed to develop technologies capable of recovering files encrypted by any ransomware extension, including Defray 777.

This recovery is possible thanks to Tracer which locates, repairs, rebuilds and recovers the encrypted files. This is done without the need for the decryption key.

without the need for the decryption key. All our processes are compliant with General Data Protection Regulation (GDPR) and we also offer our clients the confidentiality agreement (NDA).

During the whole process the client will be in contact with one of our specialists, who will clarify any questions about the process. Once the files have been recovered, the client checks that all files have been recovered with the assistance of our specialist, validating all recovered files.

We can recover HDDs, SSDs, databases, servers, RAID storage and others. This recovery can be done remotely in many cases.

Count on Digital Recovery to recover your files encrypted by ransomware.

Digital Recovery helps businesses recover data

Check out other posts

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Récupérer le Ransomware Makop

Makop Ransomware

The Makop ransomware has grown through its affiliate programme, RaaS (Ransomware as a Service), a tactic that aims to find partners to carry out attacks

Recover BlogXX Ransomware

Ransomware BlogXX

The BlogXX ransomware group recently emerged with the theft of patient data from Mediabank, an Australian health insurer, on October 12. According to authorities, the


Pozq ransomware

Pozq ransomware was recently discovered after a sample submission on VirusTotal. After some analysis, evidence was highlighted that Pozq may have a relationship with the


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.