
XD Locker Ransomware

The XD Locker Ransomware is a file-locking Trojan with no known family or Ransomware-as-a-Service behind it. Its attacks block the user's media, such as documents, by encrypting the files, and the encryption may not be reversible. Users should keep backups for restoring any lost work and use dedicated security solutions for removing the XD Locker Ransomware or blocking its attacks.

Textual Artistry and Emotive Snark from Net-Savvy Trojans

File-locking Trojans have innumerable earlier threats to draw inspiration from, and threat actors needn't put much work into the creative side of their payloads. Some of them do make this extra leap, either in the coy choices of their extensions and ransom notes or in more technical aspects, such as Vovalex Ransomware's use of the D programming language. The XD Locker Ransomware, seemingly unrelated to any prior Trojan, is another expression of this threatening creativity.

The XD Locker Ransomware is a Windows threat that blocks the user's files by encrypting them with a not-yet-analyzed algorithm. The attack appends an 'XL' extension to the locked files (the name may refer to a text emoticon or emoji). Malware researchers can't confirm that the XD Locker Ransomware deletes the Restore Points, even though most threats of this kind do so; local backups may therefore be an option for recovering the locked files. As usual, media formats like PNG pictures, DOC documents, etc., are at the most risk.

The XD Locker Ransomware includes a ransom note with ASCII art in a pop-up window, similar to the Resgatesup Ransomware (although without the Command Prompt abuse). The Trojan identifies itself in this warning and asks for a staggering thirty-thousand USD in Bitcoins for unlocking the user's media. Ransoms of this size are usually the purview of targeted attacks against corporations and government networks. Threat actors may breach such networks through e-mail phishing lures, brute-forcing weak passwords, or abusing software vulnerabilities.

Preventing an 'Oops' that Costs More than is Worth Paying

The XD Locker Ransomware's ransom note is more than just a pop-up. It also repeats the ransom text in a series of numbered 'Oops' text files. While not traditional for most families of file-locking Trojans, this quirk appears periodically and is insufficient for determining any relationship with older threats. Somewhat recent cases of similar Trojan behavior include variants of the Snatch Ransomware and the Pizhon Ransomware's Russia-targeting campaign, both of them leveraging media encryption for extortion.
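As an added, defender-side illustration (not part of the original write-up), the following Python script sweeps a file listing for the two artifacts this page attributes to the XD Locker Ransomware: locked files carrying the appended 'XL' extension and numbered 'Oops' ransom-note text files. The page does not publish the exact note naming, separator or letter case, so the regular expression, the extension handling and the sample listing below are assumptions constructed for the example; tune them to real samples before relying on the result.

```python
import re
from pathlib import PureWindowsPath

# Artifacts described for XD Locker: an 'XL' extension appended to locked files
# and numbered 'Oops' text files repeating the ransom note. The precise naming
# (case, separator, numbering) is not published, so these patterns are assumptions.
LOCKED_EXT = ".xl"
OOPS_NOTE_RE = re.compile(r"^oops\s*[_-]?\s*\d+\.txt$", re.IGNORECASE)

# File types the page names as most at risk, plus common office/media siblings.
AT_RISK_TYPES = {".png", ".jpg", ".doc", ".docx", ".xls", ".xlsx", ".pdf"}

# Constructed sample listing (not real telemetry). Windows-style paths are used
# because the page describes a Windows threat.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.XL",
    r"C:\Users\alice\Pictures\holiday.png.XL",
    r"C:\Users\alice\Documents\Oops 1.txt",
    r"C:\Users\alice\Desktop\Oops_2.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\Microsoft Word 2010.exe",
]


def classify_path(path):
    """Return 'locked', 'note', or None for a single file path.

    A file counts as 'locked' only when the appended extension sits on top of
    an at-risk media/document type, which avoids flagging unrelated '.xl' files.
    """
    name = PureWindowsPath(path).name
    if OOPS_NOTE_RE.match(name):
        return "note"
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] == LOCKED_EXT and suffixes[-2] in AT_RISK_TYPES:
        return "locked"
    return None


def triage(paths):
    """Summarise a listing and flag it when notes and locked files co-occur.

    Requiring both artifacts together keeps a stray renamed file or a single
    'Oops' text file from producing an alert on its own.
    """
    locked = [p for p in paths if classify_path(p) == "locked"]
    notes = [p for p in paths if classify_path(p) == "note"]
    return {
        "locked": locked,
        "notes": notes,
        "suspicious": bool(locked) and bool(notes),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(f"locked files: {len(result['locked'])}, ransom notes: {len(result['notes'])}")
    print("verdict:", "suspicious" if result["suspicious"] else "clean")
```

Run it against a recursive directory listing (for example the output of `dir /s /b` collected from an affected host) to get a quick count of affected files and note drops before deciding whether Restore Points or offline backups are the recovery path.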

Oddly, malware researchers find samples of the XD Locker Ransomware with names implying that the Trojan is circulating as a very out-of-date Word version: 'Microsoft Word 2010.' The usual precautions apply to this tactic as much as to its more modern equivalents. Windows users should avoid downloading Microsoft programs from sources that the company doesn't endorse and strenuously reject software piracy resources like torrent directories.

The misleading EXE name is no protection from cyber-security products. Traditional anti-virus and anti-malware tools will remove the XD Locker Ransomware and block drive-by downloads and other common infection vectors.

The XD Locker Ransomware is a little cheekier than more business-like Trojans, but solemn or merry, its attacks hurt just as much. Users hoping that a backup isn't necessary should remember how common threats like the XD Locker Ransomware are and update their data storage standards.
