xCor Ransomware
The xCor Ransomware is specifically created to encrypt the files of its victims, alter their filenames, and present a ransom note with demands. The altered filenames will have a victim's unique ID, 'xcorp@decoymail.mx' email address, and the '.xCor' extension appended to them. To make sure that the victim is aware of the ransom, xCor utilizes two distinct methods: displaying a pop-up window with a ransom note and generating an 'info.txt' file. Cybersecurity researchers have confirmed that the xCor threat belongs to the Dharma Ransomware family.
The xCor Ransomware can Impact a Large Number of Filetypes
The ransom note presented to the victims of the xCor Ransomware begins with notifying them that all of their files have been encrypted. The threat actors state that file restoration is possible. The attackers provide instructions for victims to establish contact via email, either through 'xcorp@decoymail.mx' or 'whisper@mailfence.com.'
Furthermore, the malware's ransom note offers a guarantee from the attackers in the form of free decryption for up to three files. However, certain restrictions apply to the files eligible for decryption. These restrictions include a maximum file size of 3 megabytes and no valuable information, such as databases or backups.
The ransom note concludes with two warnings for the victims. Firstly, they are advised against renaming the encrypted files, likely to avoid complications during the decryption process. Secondly, victims are discouraged from attempting to decrypt the encrypted data using third-party software. Such attempts could potentially result in permanent loss of the data.
However, paying the ransom is strongly discouraged, as it not only perpetuates the activities of cybercriminals but also provides no guarantee of file recovery. Ransomware threats often have the potential to cause further encryption and infections. To prevent such situations, victims are advised to eliminate the ransomware from their infected systems promptly.
Protect Your Devices and Data from Ransomware Attacks
Users can protect their data and devices from ransomware attacks by implementing a comprehensive approach that combines various security measures and practices.
First and foremost, maintaining up-to-date and robust anti-malware software is essential. Regularly updating these security tools ensures that they can effectively detect and prevent the latest ransomware threats.
Another crucial step is to update operating systems, software applications and firmware regularly. These updates often carry security patches that address vulnerabilities that cybercriminals may exploit to deliver ransomware. By keeping all software up to date, users can avoid falling victim to known security flaws.
Regularly backing up relevant files to offline or cloud storage is an effective defense against ransomware. In the event of an attack, having recent backups ensures that users can restore their data without having to pay a ransom. Ensure that backups are conducted regularly and that the backup copies are not connected to the network during the backup process to prevent them from being compromised.
Educating oneself about the latest ransomware threats and techniques employed by cybercriminals is crucial. Users should stay informed about common attack vectors, social engineering tactics and emerging trends in ransomware attacks. This knowledge empowers users to recognize and avoid potential threats.
By implementing these measures and adopting a proactive mindset towards cybersecurity, users can significantly reduce the risk of falling victim to ransomware attacks and protect their data and devices.
The full set of demands displayed to the victims of the xCor Ransomware is:
'All your files have been encrypted!
Don't worry, you can return all your files!
If you want to restore them, write to the mail: xcorp@decoymail.mx YOUR ID 1E857D00
If you have not answered by mail within 12 hours, write to us by another mail:whisper@mailfence.com
Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 3Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The message found in the text file generated by the threat is:
'all your data has been locked us
You want to return?
write email xcorp@decoymail.mx or whisper@mailfence.com'
