The Memento ransomware has used a very different tactic than other ransomware; unlike other groups that encrypt all files, Memento does not.
The group was unable to apply encryption to the files because the process was prevented by endpoint protection, a tool used by anti-ransomware software.
With that hindrance the group found another tactic, instead of encrypting all the files, the ransomware copies the files and transfers them to a private, password-protected folder, and the key to the folder is encrypted, and the original files are deleted.
Then, without the decryption key it will not be possible to access the folders, in addition to holding the files “hostage” the group also removes some files to apply double extortion.
If the victim does not pay the ransom, the decryption key will be permanently deleted and the files that were removed will be leaked on the Dark Web.
In addition to this difference in the way of acting with encryption, the installation of cryptocurrency miners on victims’ servers has been identified in some of the invasions made by Memento.
This shows that Memento ransomware has been developed as malware that can go far beyond encryption and file theft.
Faced with this extremely complicated scenario, the assistance of a company that is capable of recovering files encrypted by Memento ransomware is needed.
Recover Files Encrypted by Memento Ransomware
For over 20 years Digital Recovery has worked tirelessly to develop technologies capable of recovering data. All these years of experience have enabled us to develop Trace, a technology capable of recovering files encrypted by ransomware.
Our processes are customised to meet the real needs of each client, during the entire process the client is accompanied by one of our specialists.
We can recover data from virtually any storage device, such as HDDs, SSDs, Databases, Servers, Virtual Machines, Storages, RAID systems and others.
All processes are done in a totally secure environment, with our services, our customers saving over 100 million dollars with no ransom payments.
We are at your company’s disposal to recover all the files that have been lost or encrypted by the Memento ransomware.