Xbtl Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 2 |
First Seen: | August 30, 2022 |
OS(es) Affected: | Windows |
The Xbtl Ransomware targets the victim's data and leaves it in an unusable state. Like most ransomware threats, Xbtl Ransomware's encryption process is strong enough to make the restoration of the affected file types practically impossible without having the proper decryption keys. It should be pointed out that the threat is not original or unique ransomware. Instead, it is yet another variant created from the prolific STOP/Djvu malware family.
Following the established behavior of this threatening family, the Xbtl Ransomware also modifies the names of the locked files by appending a new file extension to them. In this case, '.xbtl' is added to the original names. Afterward, the threat will drop a text file named '_readme.txt' containing a ransom note.
The message left by the Xbtl Ransomware is largely consistent with those of other STOP/Djvu threats. It mentions that victims must pay a ransom of $980 if they want to receive a decryptor tool and the decryption keys in the hackers' possession. Affected users who contact the threat actors within the first 72 hours are promised preferential terms of having to pay only 50% of the original ransom amount. The 'support@bestyourmail.ch' and 'supportsys@airmail.cc' email addresses are provided in the note as ways to contact the threat actors. Malware victims should keep in mind that communication with cybercriminals is strongly discouraged, as it could lead to additional privacy or security risks.
Xbtl Ransomware's message is:
'ATTENTION!
Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-sac7bmVIKJ
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.To get this software you need write on our e-mail:
support@bestyourmail.chReserve e-mail address to contact us:
supportsys@airmail.ccYour personal ID:'
SpyHunter Detects & Remove Xbtl Ransomware
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | file.exe | 871c33703ce03c07d7857a05a17287ec | 2 |