Data is a newly discovered ransomware variant that encrypts files on infected systems and appends the .data3 extension to them. It also modifies the desktop wallpaper and drops a ransom note named “#Read-for-recovery.txt” instructing victims to contact the attackers via email.
Threat Summary
| Name | Data Ransomware |
|---|---|
| Threat Type | Ransomware, Crypto Virus, File Locker |
| Encrypted Extension | .data3 |
| Ransom Note | #Read-for-recovery.txt |
| Free Decryptor Available? | No |
| Attacker Contact | data.revival@onionmail.org |
| Detected as | Avast (Win64:RansomX-gen), Kaspersky (HEUR:Trojan-Ransom.Win32.Generic), Microsoft (Ransom:Win64/Akira!rfn) |
| Symptoms | Encrypted files, ransom note, changed wallpaper |
| Distribution | Phishing emails, torrents, fake software updates |
| Damage | File encryption, potential data theft |
How Does Data Ransomware Encrypt Files?
When a system is infected with Data ransomware, it renames files in the following format:
- Before encryption:
document.docx - After encryption:
document.docx.[data.revival@onionmail.org].data3
The ransomware is linked to the Proton ransomware family and exhibits behaviors typical of file-locking malware.
Data Ransomware Ransom Note Overview
The ransom note left by Data ransomware instructs victims to email the attackers at:
- Primary email:
data.revival@onionmail.org - Alternative email:
data.revival@onionmail.org
It advises users to check their spam folder for replies and, if no response is received within 24 hours, to create a new email account (Gmail or Outlook) and resend the message.
Text in the ransom note:
Email 1:
data.revival@onionmail.org
Email 2:
data.revival@onionmail.org
Send messages to both emails at the same time
So send messages to our emails, check your spam folder every few hours
ID: –
If you do not receive a response from us after 24 hours, create a valid email, for example, gmail,outlook
Then send us a message with a new email
Data Ransomware Desktop Wallpaper
After encryption, the ransomware modifies the system wallpaper, displaying the same email contact for ransom negotiations.
Email us for recovery:
data.revival@onionmail.org
In case of no answer, send to this email:
data.revival@onionmail.org
Your unqiue ID: –
How Did Data Ransomware Infect My Computer?
Cybercriminals use various methods to distribute ransomware, including:
- Malicious email attachments (macro-enabled Word documents, PDFs, ZIP files)
- Fake software updates and pirated downloads
- Torrent websites and P2P networks
- Compromised websites and malicious ads
- Exploiting software vulnerabilities
- Tech support scams
How to Remove Data Ransomware from Your System
Step 1: Disconnect from the Internet
Immediately disconnect your system from the network to prevent the ransomware from spreading further.
Step 2: Boot into Safe Mode
- Restart your computer and press F8 (Windows 7) or Shift + Restart (Windows 10/11) to access Advanced Startup.
- Select Safe Mode with Networking.
Step 3: Use SpyHunter for Malware Removal
To fully remove Data ransomware, use SpyHunter, a trusted anti-malware tool that detects and eliminates ransomware threats.
SpyHunter Removal Instructions:
- Download SpyHunter and install it on your system.
- Perform a full system scan to detect malicious files.
- Click Fix Threats to quarantine and remove detected threats.
- Restart your system.
Step 4: Restore Encrypted Files (Optional)
Unfortunately, no free decryptor exists for Data ransomware. However, you can try these recovery methods:
- Restore from Backups: If you have cloud or external backups, use them.
- Windows Previous Versions: Right-click on an encrypted file > Properties > Previous Versions.
- Shadow Copies: Use software like ShadowExplorer (if ransomware didn’t delete them).
- Third-Party Decryption Tools: Check sites like NoMoreRansom.org for possible decryptors.
How to Protect Yourself from Ransomware Attacks
Follow these security measures to prevent future infections:
Enable Real-Time Antivirus Protection
Use a reputable anti-malware program like SpyHunter to monitor threats.
Avoid Suspicious Emails and Links
- Do not open email attachments from unknown senders.
- Avoid clicking on unverified links in emails or messages.
Keep Software Updated
Regularly update Windows, antivirus software, and third-party applications to patch vulnerabilities.
Backup Your Data
- Store backups on external hard drives or cloud storage.
- Use automated backup solutions like OneDrive, Google Drive, or Acronis.
Disable Macros in Microsoft Office
- Go to File > Options > Trust Center > Trust Center Settings > Macro Settings.
- Select “Disable all macros with notification.”
Conclusion
Data ransomware is a dangerous file-encrypting malware that prevents victims from accessing their files until a ransom is paid. Paying the ransom is not advisable, as it does not guarantee file recovery and may encourage further attacks.
To remove Data ransomware, use SpyHunter, a reliable anti-malware tool that detects and eliminates ransomware threats. Additionally, maintain offline backups, update your software regularly, and avoid suspicious emails to minimize the risk of future infections.
