Ransomware attacks have been on the rise these past few years, and new ransomware often emerges. This July, it was the case with Rever ransomware that has some important characteristics.
The main target of Rever ransomware is Synology NAS and Windows Server systems. After breaking in, most often done via unprotected RDP or malicious emails, the attackers encrypt the files defined as important.
The .rever extension is then added to the original name of the files present on the Synology NAS. On the other hand, files from Windows Server environments are given a random .
Among the recorded attacks, the most hit locations during invasions are the \Desktop\, \User_folders\ and the \%TEMP%%\ folder, which includes the login ID.
The attackers also use the Rever ransomware to generate a text file called “README_recovery.txt”, which is the equivalent of a ransom note. Victims can find the step-by-step necessary to contact the evildoers via the TOX CHAT instant messaging software and pay the ransom in Bitcoin
In many cases, the group offers a free sample, decrypting a file as proof that they can do file restoration. But that is not a guarantee that the group will do the restoration after payment.
Recover files encrypted by Rever ransomware
Data loss due to ransomware attacks has been responsible for the closure of many companies in recent years. This is why Digital Recovery is positioned as the best ally in this situation.
Our experts have developed unique and very efficient solutions. Today, Digital Recovery is able to recover ransomware-encrypted data from almost any storage device, such as servers, databases, virtual machines, RAID systems and others.
Out of zeal for the security and discretion of our customers, all our solutions are in line with the General Data Protection Regulation (GDPR). Of course, we rely on a confidentiality agreement (NDA) in all projects.
We have competent teams available 24/7 and a service in English, Portuguese, Italian, Spanish and French. What’s more, your data recovery is likely to be possible completely remotely.
So contact us and recover your encrypted data.