Ransomware Spook

The Spook ransomware is a derivative of the Prometheus ransomware, which in turn is a derivative of the Thanos ransomware. This is a good example of how some ransomware groups act.

Constant attacks can bring unwanted attention from authorities to the group. When this happens, the group's activities are shut down, and after some time the same tactics return in the hands of another, newly created group.

It is possible that the group sells the ransomware to another group, which changes the name and continues the attacks. This field is still very nebulous; there are only deductions about how the groups act after their activities are shut down. Still, it is strange that three ransomware families in a row follow the same process and are based on the same program.

Of these three ransomware families, the one that is active today is Spook, which first appeared in September 2021. The group has a website, not only for leaking files but also for exposing companies: even those that pay the ransom will have their names on the list of victims on the website. The group flaunts its attacks as trophies to show its strength.

Like its predecessor, after breaking into the system the ransomware shuts down any program that could prevent the full encryption of the files. The interesting thing is that even if the device is disconnected from the internet the encryption continues normally, without any kind of interruption.

The group's attacks are directed at corporate targets, which are the most lucrative for cybercriminals. This does not prevent individuals from being attacked as well.

Recover Files Encrypted by Spook Ransomware

Digital Recovery specializes in recovering files that have been partially or fully encrypted by Spook ransomware. This recovery is possible because we have managed to develop software and hardware capable of reconstructing files directly from the hard drive, without the need for the decryption key.

We can recover almost any storage device, including HDs, SSDs, RAID systems, databases, virtual machines, servers and others.

The recovery is done by highly qualified professionals, who have at their disposal the most sophisticated tools on the market.

Throughout the process, the specialist will accompany the client, and a feedback flow will be agreed between the two, so that feedback is constant and the client is not left in the dark at any time.

We know that having files blocked for many days can be highly financially harmful to a company. That is why we developed the emergency recovery mode, in which our labs work in 24x7x365 mode.

All our processes are supported by the confidentiality agreement (NDA).

We are at your disposal. Contact our experts right now.
