Threat Database Ransomware Ransomware Ransomware

By CagedTech in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 75
First Seen: August 23, 2016
Last Seen: May 3, 2019
OS(es) Affected: Windows

The '' Ransomware is a ransomware Trojan designed to encrypt victims' files, taking them hostage, and then demand a ransom payment from the victims. Computer users should avoid paying the '' Ransomware's ransom. Victims who have contacted the people responsible for the '' Ransomware have received unhelpful responses after paying close to $1000 USD in Bitcoin. According to reports from victims, the con artists responsible for this attack may ask for even more money instead of providing a way to decrypt the affected files. For example, a charity affected by the '' Ransomware has reported that it was asked to pay an additional $800 USD ransom after the initial $1000 USD payment, and that the supposed decryption key to remove the '' Ransomware never worked.

The Main Targets of the '' Ransomware are Enterprise Networks

The '' Ransomware is part of a large family of ransomware Trojans that use the extension '.XBTL' to identify infected files and use email addresses belonging to the domain. One worrying aspect of the '' Ransomware is that this threat family tends to target enterprise networks and servers rather than individual users. Because of this, the '' Ransomware and the other variants in this family have considerable potential to cause significant monetary losses and damage.

The '' Ransomware attack is simple to understand. The '' Ransomware may be delivered as an attachment to compromised email messages. These messages use social engineering techniques to trick inexperienced computer users into opening the attached file. Once the file is opened, it changes the victim's computer settings to ensure that the '' Ransomware runs automatically each time Windows starts up. The '' Ransomware then connects to its Command and Control server to receive instructions and send information about the infected computer. The '' Ransomware's corrupted executable file is dropped into one of the following directories on the infected computer:


This executable file will often be named so that it appears to be a legitimate Microsoft Windows system file. When the '' Ransomware carries out its attack, it uses a strong encryption algorithm to encrypt the following file types on the infected PC:


The '' Ransomware changes the encrypted files' extensions to .XBTL, making it easy to know which files have been encrypted by this threat.
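Because the '.XBTL' extension marks every encrypted file, it can be used to scope an infection during incident response. The following is an added example, not code from the original page: the function name `triage_encrypted` and the report layout are assumptions made for illustration. It counts marked files per directory and reports the modification-time window in which they were rewritten.

```python
import os
from collections import Counter
from datetime import datetime, timezone

MARKER_EXT = ".xbtl"  # extension the page says is appended to encrypted files


def triage_encrypted(root, marker_ext=MARKER_EXT):
    """Walk `root` and summarise files carrying the ransomware's extension.

    Returns the total count, per-directory counts, and the earliest and
    latest modification times (UTC). The times are an estimate of the
    encryption window, since timestamps can be altered.
    """
    per_dir = Counter()
    first = last = None
    # os.walk does not follow symlinked directories; unreadable ones are skipped.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            if not name.lower().endswith(marker_ext):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime  # lstat: do not follow links
            except OSError:
                continue  # file vanished or is unreadable
            per_dir[dirpath] += 1
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)

    def to_utc(ts):
        return None if ts is None else datetime.fromtimestamp(ts, timezone.utc)

    return {
        "total": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        "first_seen": to_utc(first),
        "last_seen": to_utc(last),
    }


if __name__ == "__main__":
    import sys
    report = triage_encrypted(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['total']} encrypted files, "
          f"window {report['first_seen']} .. {report['last_seen']}")
    for directory, count in sorted(report["per_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{count:6d}  {directory}")
```

Run it against each share or volume; the directories with the highest counts and the start of the time window indicate which backups predate the encryption.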

Protecting Your Computer from Threats Like the '' Ransomware

The best protection against encryption ransomware threats like the '' Ransomware is to ensure that you have offsite backups of all files. In many cases, backups are stored on the same server or network as the infected computer, making it likely that the backups will become corrupted too. Because of this, ensure that your backed-up files are not physically connected to the computer. If the backups exist, the con artists no longer have any way of threatening victims or demanding money from them.


File System Details

Ransomware may create the following file(s):

