Rever Ransomware

Ransomware attacks have been on the rise these past few years, and new ransomware often emerges. This July, it was the case with Rever ransomware that has some important characteristics.

The main target of Rever ransomware is Synology NAS and Windows Server systems. After breaking in, most often done via unprotected RDP or malicious emails, the attackers encrypt the files defined as important.

The .rever extension is then added to the original name of the files present on the Synology NAS. On the other hand, files from Windows Server environments are given a random . extension, making it impossible to open files such as OpenOffice, MS Office, database, VM backup, VHD files, and others.

Among the recorded attacks, the most hit locations during invasions are the \Desktop\, \User_folders\ and the \%TEMP%%\ folder, which includes the login ID.

The attackers also use the Rever ransomware to generate a text file called “README_recovery.txt”, which is the equivalent of a ransom note. Victims can find the step-by-step necessary to contact the evildoers via the TOX CHAT instant messaging software and pay the ransom in Bitcoin

In many cases, the group offers a free sample, decrypting a file as proof that they can do file restoration. But that is not a guarantee that the group will do the restoration after payment.

Recover files encrypted by Rever ransomware

Data loss due to ransomware attacks has been responsible for the closure of many companies in recent years. This is why Digital Recovery is positioned as the best ally in this situation.

Our experts have developed unique and very efficient solutions. Today, Digital Recovery is able to recover ransomware-encrypted data from almost any storage device, such as servers, databases, virtual machines, RAID systems and others.

Out of zeal for the security and discretion of our customers, all our solutions are in line with the General Data Protection Regulation (GDPR). Of course, we rely on a confidentiality agreement (NDA) in all projects.

We have competent teams available 24/7 and a service in English, Portuguese, Italian, Spanish and French. What’s more, your data recovery is likely to be possible completely remotely.

So contact us and recover your encrypted data.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Ransomware AtomSilo

AtomSilo Ransomware

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.