Threat Database Ransomware XCrypto Ransomware

XCrypto Ransomware

By GoldSparrow in Ransomware

Ransomware is one of the most popular Trojans and one of the regular users’ worst nightmares. If a file-locker finds its way to your computer, it will use an encryption algorithm to lock your data and then extort you for money in return for a decryptor. One of the latest examples of this nasty threat is the XCrypto Ransomware.

Propagation and Encryption

The XCrypto Ransomware may be distributed via phishing emails. These fraudulent emails would typically consist of a message riddled with social engineering tricks and a macro-laced attached file. If the user gets tricked into launching the attachment, the file-locker will be executed and take over their computer. Other distribution techniques that may be involved in spreading the XCrypto Ransomware may be corrupted advertisements, torrent trackers, bogus application updates, fake social media posts, etc. When the XCrypto Ransomware breaches your system, it will scan your data and locate the files, which will be selected for encryption. The XCrypto Ransomware targets a long list of filetypes, which means that all your images, audio files, videos, databases, archives, presentations, spreadsheets, and documents will be encrypted and, therefore, rendered unusable. When the XCrypto Ransomware locks a file, it marks it by appending a '.id=[< VICTIM ID>].email=[]..XCrypto’ extension to its name. For example, a file named ‘silver-spoon.pdf’ will be renamed to ‘[< VICTIM ID>].email=[]..XCrypto.’

The Ransom Note

The XCrypto Ransomware drops a ransom note on the user’s system called ‘how to recover my files.hta.’ In the ransom note, the attackers provide two email addresses as a means of contacting them – ‘’ and ‘’ These people are willing to decrypt up to five files with no cost, as long as their total size does not exceed 4MB, and they do not contain any important information. The authors of the XCrypto Ransomware also include a step by step guide on how to obtain Bitcoin, as they demand to be paid in BTC.

It is advisable to ignore the demands of cyber crooks. You never know if you will be provided with the decryption key you need, even if you pay the ransom fee that the attackers demand. It is advisable to install a genuine anti-virus solution that will eliminate the XCrypto Ransomware from your PC quickly.

Related Posts


Most Viewed