
Xmail@cock.li Ransomware

By GoldSparrow in Ransomware

The Xmail@cock.li Ransomware is one of the many variants in the Scarab family. PC security researchers have uncovered numerous variants in this ransomware family, released starting in April 2018. The Xmail@cock.li Ransomware emerged in June 2018 and is nearly identical to the numerous other Scarab variants. Because new Scarab variants are being released almost every day, PC security researchers suspect that a Ransomware as a Service (RaaS) platform using this code has been released, allowing anyone to create a variant of the Scarab family by paying its controllers an amount on the Dark Web and then filling out some kind of form to ensure that the copy follows specific custom parameters. Because of the increasing number of these threats, it is more important than ever that computer users have backup copies of their data stored on the cloud or an external, protected memory device.

How the Xmail@cock.li Ransomware Attack Affects Your Files

The main target of the Xmail@cock.li Ransomware attack, like that of the many other ransomware Trojans currently active, is the user-generated content on the victim's computer, which may include various media files and commonly used documents. The Xmail@cock.li Ransomware is commonly delivered to the victim through spam emails, usually as a DOCX or DOC file attachment with malicious embedded macro scripts that download and install the Xmail@cock.li Ransomware onto the victim's computer. In its attack, the Xmail@cock.li Ransomware makes the victim's files inaccessible by encrypting them with a strong encryption algorithm. The following are examples of the files that are commonly targeted in attacks like the Xmail@cock.li Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the Xmail@cock.li Ransomware encrypts a file, the file appears with a blank icon in Windows Explorer and is no longer accessible. The Xmail@cock.li Ransomware marks the files encrypted by the attack by adding the file extension '..xmail@cock.li' to the end of each affected file's name.

The Xmail@cock.li Ransomware's Ransom Note

The Xmail@cock.li Ransomware delivers its ransom note in the form of a text file named 'Recover files-xmail@cock.li.TXT' that contains the following message:

'Attention: if you do not have money then you do not need to write to us!
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
====================
xmail@cock.li
====================
Your files are encrypted!
Your personal identifier:
[redacted 644 hex]
====================
To decrypt files, please contact us by email:
xmail@cock.li
====================
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
Attention: if you do not have money then you do not need to write to us!'

PC security researchers advise PC users to avoid contacting the criminals or following the instructions in the Xmail@cock.li Ransomware's ransom note. The chances of the criminals helping victims recover their files are very small, and it is likelier that victims will set themselves up for additional attacks. Because of this, preventive measures are the best protection. Computer users should always have file backups stored on the cloud or an external memory device and use a reliable security program at all times.
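For responders scoping an infection, the two indicators described above (the appended '..xmail@cock.li' extension and the 'Recover files-xmail@cock.li.TXT' note) can be swept for across a volume. The following is an added example, not code from the original article: the function names and the sample tree are constructed for illustration, and it assumes the marker is simply appended to the original file name as the article states.

```python
import os
import tempfile
from collections import Counter

# Indicators as given in the article text.
MARKER = ".xmail@cock.li"  # tail of the appended '..xmail@cock.li' extension
NOTE_NAME = "recover files-xmail@cock.li.txt"  # ransom note, compared lower-cased


def triage(root):
    """Walk root and summarise both indicators: where they are and what was hit."""
    report = {"notes": [], "encrypted": [], "by_type": Counter(), "dirs": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(MARKER) and len(lower) > len(MARKER):
                # Strip the marker to recover the pre-attack name and file type.
                original = name[: -len(MARKER)].rstrip(".")
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["encrypted"].append((path, original))
                report["by_type"][ext] += 1
                report["dirs"][dirpath] += 1
    return report


def build_sample(root):
    """Constructed sample tree (empty files), for demonstration only."""
    names = ["docs/report.docx..xmail@cock.li", "docs/budget.xlsx..xmail@cock.li",
             "docs/Recover files-xmail@cock.li.TXT", "pics/cat.jpg..xmail@cock.li",
             "pics/dog.png"]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        r = triage(tmp)
        print(len(r["encrypted"]), "renamed files,", len(r["notes"]), "ransom note(s)")
        for d, n in r["dirs"].most_common():
            print(f"  {n:3d}  {d}")
        print("  types:", dict(r["by_type"]))
```

The per-directory counts show which folders or shares to restore from backup first, and the recovered original names can be checked against the backup catalogue.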
