0xxx Ransomware

0xxx Ransomware Description

New ransomware threats and variants are being unleashed by unscrupulous hackers almost daily. One of the latest to be observed in the wild by cybersecurity researchers is called 0xxx Ransomware. The 0xxx Ransomware is a threat that locks the files stored on the compromised systems and then extorts its victims for money. Users affected by the 0xxx Ransomware will be prevented from accessing most of their data - photos, documents, archives, databases, etc. The files will be encrypted with a strong cryptographic algorithm and then marked by having '.0xxx' appended to their names as a new extension. Upon completing the encryption process, the 0xxx Ransomware delivers a message from the hackers contained inside text files named '!0XXX_DECRYPTION_README.TXT.'

0xxx Ransomware's Demands

The ransom note reveals that the cybercriminals behind 0xxx Ransomware want to receive the sum of $300 payable in Bitcoin. This is a common practice among ransomware operators because cryptocurrencies are almost untraceable. However, to receive the wallet address where the ransom has to be transferred, users must first initiate contact. The only communication channel provided by the note is the 'iosif.lancmann@mail.ru' email address. As part of their messages, users also must include the unique ID string that can be found in the ransom note. Victims of the 0xxx Ransomware are allowed to attach up to 3 locked files that will supposedly be decrypted and returned to them.

Dealing with an 0xxx Ransomware's Attack

Having to mitigate the damage left in the wake of a ransomware attack is always a hectic process. The first step that victims should take is to remove the ransomware itself, the 0xxx Ransomware in this case, from the breached systems, by using a professional anti-malware solution preferably. Doing so will ensure that the threat will not be able to encrypt any new files introduced onto the infected machines. Afterward, instead of entering into negotiations with the cybercriminals and potentially exposing themselves to additional security risks, users should look for a suitable backup. The most important requirement is for the backup to have been created before the ransomware had entered the device. Otherwise, users risk reintroducing the threat to the already cleaned computers.

The full text of 0xxx Ransomware's note is:

'All your files have been encrypted with 0XXX Virus.
Your unique id: -
You can buy decryption for 300$USD in Bitcoins.

To do this:
1) Send your unique id - and max 3 files for test decryption to iosif.lancmann@mail.ru
2) After decryption, we will send you the decrypted files and a unique bitcoin wallet for payment.
3) After payment ransom for Bitcoin, we will send you a decryption program and instructions. If we can decrypt your files, we have no reason to deceive you after payment.
'