ELF Ransomware

Uptycs researchers have recently discovered a new ransomware attacking Linux systems. Its name, ELF ransomware.

Ransomware creators usually target Windows operating systems. But this time, technology lovers’ favourite OpenSource system has been exposed to its vulnerability.

ELF ransomware, in reference to “Executable and Linkable Format” files, can encrypt files within the Linux system based on the folder path provided.

Having this information about the folder location, the ELF ransomware then starts encrypting the files present within the folder by adding the .crypted extension to the filename.

Once encrypted, the file becomes inaccessible to the user and then the last step begins. A file called README_TO_RESTORE is created in the environment containing the necessary information for the victim to establish contact with the attacker.

Incidentally, the contents of this file are identical to the DarkAngels ransomware README file. That similarity leads researchers to think the ELF ransomware may be a version of DarkAngels aimed at diversifying target operating systems.

In May, DarkAngels had been designed to infect Windows environments and we now know that ELF ransomware targets Linux environments.

Unfortunately, with the exponential increase in ransomware attacks, it is becoming increasingly complex to escape fatality. That’s why it’s important to know who to rely on when something like this happens.

Recover files encrypted by ELF ransomware

Fortunately there are qualified companies that work in the recovery of deleted or encrypted data.

Digital Recovery has been in the data recovery market for over 23 years. Throughout these years, we have gained valuable experience and know-how to be able to help many companies around the world.

We have developed a unique and effective solution to recover files encrypted by ransomware on almost any type of storage device, such as servers, RAID systems, virtual machines and databases.

This solution was created based on the General Data Protection Regulation (GDPR) and we highly value the confidentiality of our clients. For this reason, we provide them with an NDA in all projects.

At Digital Recovery distance is not a problem. In most cases, we can execute our solution remotely and thus help companies around the world.

Our multilingual support team is available 24/7. Don’t waste time, contact us and get your data back.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Descriptografar ransomware em servidores

Decrypt Server

Ransomware attacks on servers have become a growing threat, jeopardising the security of critical data and business operations. This article explores the nuances of file


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.