
Xioxian Ransomware

Cybercriminals are using a malware threat designed to lock their victims' data. The threat is named the Xioxian Ransomware and can encrypt a wide range of file types, rendering the victim's documents, databases, archives, project files, etc. entirely inaccessible. The goal is to hold the data hostage and extort money from the affected entity.

As part of its invasive actions, the Xioxian Ransomware will also modify the names of the locked files. More specifically, it appends '.xioxian' as a new file extension. To tell victims what to do next, the hackers drop a ransom note with instructions. The message is delivered inside a new text file generated on the system under the name '#Congratulations#.txt'.

Ransom Note's Details

The ransom note left by the Xioxian Ransomware does not reveal the exact amount of the ransom demanded by the attackers. However, it does state that victims who establish contact in the first 12 hours following the attack will receive preferential treatment by having to pay 50% less. Victims are warned that if 72 hours pass without a message from them, their private data will be published or sold to competitors. To avoid this outcome, victims are expected to send an email to 'xioxian@onionmail.org'. As part of their message, they should provide their specific victim ID and send up to 3 files to be decrypted for free. The chosen files must be less than 1 MB in size.

The full text of Xioxian Ransomware's note is:

'Hello my dear friend!
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore your files you need to write on our mail - xioxian@onionmail.org

Skype XIOXIAN Decryption
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
We work 24/7 and if you write in 12h after decryption - you will get 50% discount
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 72 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
Start messaging with an incident ID and 2-3 test files up to 1mb
your unique ID
'
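
The indicators described in this entry (the appended '.xioxian' extension, the '#Congratulations#.txt' note and the contact address inside it) are enough for a read-only triage sweep of a disk or file share to scope the damage. The following is an added example, not part of the original entry; the function name `triage` and the report layout are assumptions made for illustration.

```python
import os
import sys
from collections import Counter
from pathlib import Path

# Indicators taken from this page
ENCRYPTED_EXT = ".xioxian"
NOTE_NAME = "#congratulations#.txt"      # compared case-insensitively
NOTE_MARKER = "xioxian@onionmail.org"


def triage(root):
    """Read-only sweep of `root` for Xioxian indicators (hypothetical helper)."""
    report = {
        "encrypted": [],              # files carrying the appended extension
        "notes": [],                  # note name matches and contact address found
        "unconfirmed_notes": [],      # note name matches, content does not
        "original_types": Counter(),  # extension each locked file had before
        "dirs": Counter(),            # locked files per directory
    }
    for dirpath, _subdirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                report["dirs"][dirpath] += 1
                # The extension is appended, so stripping it exposes the old type.
                old = Path(lower[: -len(ENCRYPTED_EXT)]).suffix or "(none)"
                report["original_types"][old] += 1
            elif lower == NOTE_NAME:
                try:
                    with open(path, "rb") as fh:   # cap the read at 64 KiB
                        text = fh.read(65536).decode("utf-8", "replace").lower()
                except OSError:
                    text = ""
                key = "notes" if NOTE_MARKER in text else "unconfirmed_notes"
                report[key].append(path)
    return report


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"locked files: {len(result['encrypted'])}")
    print(f"ransom notes: {len(result['notes'])} "
          f"(+{len(result['unconfirmed_notes'])} unconfirmed)")
    for ext, count in result["original_types"].most_common():
        print(f"  {ext}: {count}")
    for directory, count in result["dirs"].most_common(10):
        print(f"  {directory}: {count}")
```

The per-directory and per-type counts show which shares and data sets need restoring from backup first; a note that lands in `unconfirmed_notes` (for example one saved in a non-UTF-8 encoding) should be reviewed by hand.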
