Remove RestoreBackup ransomware

RestoreBackup ransomware is file-encrypting malware. It’s a very serious infection that essentially takes files hostage and demands payment for their recovery. If your computer is infected and your files are encrypted, the files will have an .{random string of characters}.restorebackup extension added to them. Unfortunately, unless you use a specific decryptor on them, you will not be able to open the files. At the moment, only users who have backups can recover files for free.

 

 

When users open an infected file, the malware activates and begins to encrypt files immediately. This ransomware, like all similar infections, primarily targets personal files that users consider most important, such as documents, photos, videos, and images. Encrypted files are easy to identify due to the added extensions. This ransomware appends a .{random string of characters}.restorebackup extension. For example, a text.txt file would become text.txt.{random string of characters}.restorebackup if encrypted.

Once it’s done encrypting files, the ransomware drops a README.TXT ransom note that informs users that their files have been encrypted. It states that unless the ransom is paid, it’s not possible to recover the files. Ultimately, the choice to pay the ransom is yours, but it’s not recommended as it does not guarantee a decryptor will be sent to you.

The full RestoreBackup ransomware ransom note is below:

YOUR FILES ARE ENCRYPTED

Your files, documents, photos, databases and other important files are encrypted.

You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email:
RestoreBackup@cock.li and decrypt one file for free.
But this file should be of not valuable!

Do you really want to restore your files?
Write to email:
RestoreBackup@cock.li

Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

* Do not contact the intermediary companies. Negotiate on your own. No one but us will be able to return the files to you. As evidence, we will offer to test your files.

If you have a backup, you can connect to it and initiate file recovery after you remove RestoreBackup ransomware from your system. You need to use an anti-malware program to remove  RestoreBackup ransomware. Once the ransomware is no longer present, you can safely connect to your backup.

There is currently no free RestoreBackup ransomware decryptor available. Therefore, users without a backup who choose not to pay the ransom will be unable to recover their files at this time.

How is ransomware distributed?

Ransomware is distributed in many ways, such as torrents, email attachments, and malicious links or advertisements. Users with poor browsing habits are significantly more susceptible to infections due to their frequent engagement in risky online activities. Developing healthier online habits is an effective way to prevent malware infections, as is familiarizing yourself with common malware distribution methods and what to be on the look out for.

Emails are a very common method for distributing malware. Malicious emails are often masqueraded as notifications for parcel deliveries or order confirmations. To grab users’ attention, they frequently mention large sums of money or expensive purchases, creating a sense of urgency that pressures users. However, a closer examination can usually reveal their malicious nature. Typically, these emails contain noticeable grammar and spelling mistakes, which is an immediate giveaway. Another red flag is the use of generic words like User, Member, or Customer when addressing users. Legitimate companies address their customers by name, while malicious senders often don’t have access to personal information beyond email addresses and resort to using vague words.

We should mention that when malicious emails target specific people or companies, they tend to be much more sophisticated. Such emails often don’t have signs of malicious intent, address the recipient by name, include details that lend them credibility, and have no mistakes. Thus, it’s recommended to not open unsolicited email attachments until they’ve been scanned with anti-virus software or checked with VirusTotal.

Torrents are another common method for malware distribution. It’s well-known that torrent sites are poorly moderated, allowing malicious actors to upload torrents containing malware. Particularly, torrents for entertainment content—such as movies, TV shows, and video games—often carry malware. If you frequently engage in the piracy of copyrighted material, you’re not only stealing content but also jeopardizing your computer and personal data.

How to remove RestoreBackup ransomware

Ransomware is a dangerous type of malware, which is why it’s important to use an anti-virus program. Attempting to manually delete RestoreBackup ransomware without proper knowledge could lead to further harm to your system. If you have backups of your files, you can start recovering them as soon as you’ve removed the ransomware from your computer. However, be cautious: if your computer remains infected while you access your backup, the files in your backup could also become encrypted.