Threat Database Ransomware XNMMP Ransomware

XNMMP Ransomware

The XNMMP ransomware is a new member of the CONTI family of ransomware. XNMMP itself has two other variants too. Once the cryptovirus gets on your computer, it locks down crucial data and essential files inside the system, making it impossible to access them. One variant of the malware adds the ".XNMMP" file extension to infected files, while the other uses ".TJODT" instead. The cryptovirus can infect almost every file type, including audio, images, videos, documents, spreadsheets, and more, making it impossible for users to access them.

More Information on XNMMP

The XNMMP ransomware was discovered by the security researcher GrujaRS. The virus has already infected many Windows computers across the world. The ransomware creates a ransom note called "R3ADM3.txt" in all infected folders. Another copy is put on the desktop for good measure. The message instructs victims on how to purchase the necessary decryption software from the attacker to restore their locked data. Victims must contact the criminals through the Tor browser to learn more.

The specific ransom demand for this ransomware is between $200 and $1,500 – to be paid in bitcoin. The note also mentions that attempting to recover files through third-party decryptors or file restoration tools could cause permanent data loss. Finally, the attackers threaten to publish your sensitive data if you don’t pay up.

The following is a full look at the R3ADM3.txt file:

All of your files are currently encrypted by CONTI ransomware.
If you try to use any additional recovery software – the files might be damaged or lost.
To make sure that we REALLY CAN recover data – we offer you to decrypt samples.
You can contact us for further instructions through our website :
(you should download and install TOR browser first hxxps://
Just in case, if you try to ignore us. We’ve downloaded your data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us ASAP.

Text Presented In The Website:
CONTI recovery service
If you are looking at this page right now, that means that your network was succesfully breached by CONTI team.
All of your files, databases, application files etc were encrypted with military-grade algorithms.
If you are looking for a free decryption tool right now – there’s none.
Antivirus labs, researches, security solution providers, law agencies won’t help you to decrypt the data.
If you are interested in out assistance upon this matter – you should upload README.TXT file
to be provided with further instructions upon decryption.

Should I Pay the Ransom?

Unfortunately, the attackers aren’t lying when they say that the only way to undo the encryption is with their decryption tool. Even so, security experts always recommend against paying hackers. There is no guarantee that they will live up to their end of the deal and hand over the decryption tool. More often than not, these criminals ignore victims as soon as they get their money. Even if they do deliver the tool, there’s no guarantee that it will work. Even if the tool does work, the risk of re-infection is present, and the decryption tools won’t work a second time around.

What to do if Your Computer is Infected with XNMMP

The first thing to do if your computer is infected is to remove the virus. The longer XNMMP stays on your computer, the more damage it can do. There’s no sense in restoring your files only to have them encrypted again instantly. Once the virus is gone, you can use an external backup to restore the lost data. If you don’t have an external backup, it may be possible to use file recovery software. Keep in mind that recovery software isn’t a perfect method, as ransomware such as this deletes System Recovery restore points and Shadow Volume copies, which this software needs to operate correctly.

How Does XNMMP Infect Computers?

Researchers haven’t pinpointed exactly how XNMMP spreads yet. With that said, these threats all follow a similar infection method. They primarily spread through malspam campaigns. A malspam campaign is when attackers send hundreds of thousands of emails with malicious files or links attached. The attachments are often productivity documents like spreadsheets or PDF files. The file can also be an executable or archive file, such as a ZIP file. When the recipient accesses the attached file, their computer is infected.

The best way to protect your computer against malware threats like this is to ignore any spam emails you get. If you don’t know where the email came from, ignore it. Don’t forget to install robust security software on your computer as well. A reliable security solution can catch an infection before it does any damage.


Most Viewed