
Xcbg Ransomware

The Xcbg Ransomware has been confirmed as another nefarious ransomware variant belonging to the STOP/Djvu malware family. The threat itself is almost indistinguishable from the other STOP/Djvu variants, but that doesn't make it any less threatening. Computer systems infected by the threat will experience severe data encryption, resulting in most of the files stored on them being rendered both inaccessible and unusable. The goal of the attackers is to use the locked data as leverage to extort money from their victims.

The Xcbg Ransomware's encryption routine can affect documents, PDFs, databases, audio and video files, archives and more. Each locked file is also marked by having '.xcbg' appended to its original name as a new extension. When all targeted file types have been processed, the malware creates a text file named '_readme.txt' on the victim's computer. The file contains a ransom note with instructions from the attackers.

Ransom Note Overview

The note left by Xcbg follows the typical STOP/Djvu pattern. It tells affected users that to receive the necessary decryption tool and key from the hackers, they need to pay a ransom of $980. However, that amount can supposedly be cut in half to $490 if victims establish contact in the first 72 hours following the attack. Users can also send one encrypted file that the attackers are apparently going to unlock and return for free. According to the ransom-demanding message, victims can use two email addresses to reach the hackers. The primary email is 'support@sysmail.ch,' while 'helprestoremanager@airmail.cc' acts as a backup.

The full text of the instructions left by Xcbg Ransomware is:

'ATTENTION!

Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-bPgv29RUmq
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
support@sysmail.ch

Reserve e-mail address to contact us:
helprestoremanager@airmail.cc
'
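A read-only triage sketch built from the indicators described on this page (the '.xcbg' extension, the '_readme.txt' note and the two contact addresses). It is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the description above
LOCKED_EXT = ".xcbg"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("support@sysmail.ch", "helprestoremanager@airmail.cc")


def triage(root):
    """Read-only walk of `root`; returns locked files, ransom notes and per-directory counts."""
    report = {"locked": [], "notes": [], "unconfirmed_notes": [], "per_dir": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # The extension is appended, so stripping it gives the original name
                report["locked"].append((str(path), name[: -len(LOCKED_EXT)]))
                report["per_dir"][dirpath] = report["per_dir"].get(dirpath, 0) + 1
            elif lower == NOTE_NAME:
                try:
                    text = path.read_text(encoding="utf-8", errors="replace").lower()
                except OSError:
                    text = ""  # unreadable note: keep it for manual review
                hits = [m for m in NOTE_MARKERS if m in text]
                # A _readme.txt without the contact addresses may be unrelated
                key = "notes" if hits else "unconfirmed_notes"
                report[key].append((str(path), hits))
    return report


def build_sample(root):
    """Constructed sample tree (not real victim data) for exercising triage()."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "proj").mkdir()
    (root / "docs" / "budget.xlsx.xcbg").write_bytes(b"\x00" * 16)
    (root / "docs" / "photo.JPG.XCBG").write_bytes(b"\x00" * 16)
    (root / "docs" / "untouched.txt").write_text("still readable")
    (root / "docs" / NOTE_NAME).write_text("write on our e-mail:\nsupport@sysmail.ch\n")
    (root / "proj" / NOTE_NAME).write_text("Project readme, unrelated to the incident.\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print({k: len(v) for k, v in result.items()})
```

The per-directory counts show which folders were reached, and the recovered original names give a list to compare against backups.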
