
'.xort File Extension' Ransomware

By GoldSparrow in Ransomware

The '.xort File Extension' Ransomware is a ransomware Trojan that is used to encrypt its victims' files. It belongs to a large group of ransomware Trojans released in the first months of 2016. PC security researchers have determined that the '.xort File Extension' Ransomware and its variants are all clones of TeslaCrypt, a well-known ransomware Trojan that has been active since 2014. Although PC security researchers had previously found ways to help computer users recover their files from TeslaCrypt attacks, the '.xort File Extension' Ransomware belongs to a new version of this threat: TeslaCrypt 3.0. The new versions of TeslaCrypt encrypt files in a way that does not permit security analysts to recover the decryption key. This makes the '.xort File Extension' Ransomware and its variants particularly difficult to deal with. Malware analysts believe that the rise in TeslaCrypt variants such as the '.xort File Extension' Ransomware may be related to the release of this attack as RaaS (Ransomware as a Service) on underground forums.

The '.xort File Extension' Ransomware Attacks Specific Files Stored on the Infected Computer

The '.xort File Extension' Ransomware carries out a typical ransomware attack when infecting a PC. It may be delivered through compromised email attachments, with social engineering tactics used to convince inexperienced computer users to download and open the attached file. After the file is opened, the '.xort File Extension' Ransomware runs automatically, scans the victim's computer and encrypts all files that match a list of extensions contained in its configuration settings. The following are the file extensions that the '.xort File Extension' Ransomware and its variants typically search for (new file types may be included in each update to this threat):

.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt.

The '.xort File Extension' Ransomware uses AES encryption to encrypt the victim's files, changing their extension to XORT. Once a file has been encrypted by the '.xort File Extension' Ransomware, it is impossible to recover it without the decryption key, which is not accessible without paying a ransom. The '.xort File Extension' Ransomware also blocks other methods of file recovery, such as System Restore or restoring the files from Shadow Volume Copies. To notify the victims of the attack, the '.xort File Extension' Ransomware and its variants display pop-up messages and drop ransom notes on their computers. Ransom notes associated with the '.xort File Extension' Ransomware may take the form of HTML, TXT, or image files that are dropped in directories where the files were encrypted. The following is an example of a typical ransom note used by the '.xort File Extension' Ransomware or some other TeslaCrypt 3.0 variants:

Your personal files are encrypted!
Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click "Show Encrypted Files" button to view a complete list on encrypted files, and you can personally verify this.
Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
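
The two indicators described above (files carrying the XORT extension, and text or HTML ransom notes dropped beside them) can be used to scope which directories were hit. The following triage script is an added example, not code from the original article or from any vendor tool; it assumes the extension appears as a case-insensitive ".xort" suffix, uses the opening phrase of the sample note as its marker, and runs against a constructed sample tree with hypothetical file names. Image-format notes are not inspected.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".xort"                  # extension named in the article
NOTE_EXTS = {".txt", ".html", ".htm"}    # text note formats named in the article
NOTE_MARKER = "your personal files are encrypted"   # opening phrase of the sample note

def is_note(path, max_bytes=65536):
    """True if a text/HTML file contains the ransom-note marker phrase."""
    if os.path.splitext(path)[1].lower() not in NOTE_EXTS:
        return False
    try:
        with open(path, "rb") as fh:
            head = fh.read(max_bytes)
    except OSError:
        return False                     # unreadable file: skip it, keep scanning
    # Dropping NUL bytes lets the same check match UTF-16 encoded notes.
    text = head.replace(b"\x00", b"").decode("utf-8", errors="ignore")
    return NOTE_MARKER in text.lower()

def triage(root):
    """Map each affected directory to its .xort files and co-located notes."""
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(ENCRYPTED_EXT):
                report[dirpath]["encrypted"].append(name)
            elif is_note(os.path.join(dirpath, name)):
                report[dirpath]["notes"].append(name)
    # Report only directories holding encrypted files; a lone note is weaker evidence.
    return {d: r for d, r in report.items() if r["encrypted"]}

def build_sample(root):
    """Constructed sample tree (hypothetical file names) for an offline run."""
    docs, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(docs)
    os.makedirs(clean)
    for name in ("budget.xlsx.xort", "photo.JPG.XORT"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, "note.txt"), "w") as fh:
        fh.write("Your personal files are encrypted!\n")
    with open(os.path.join(clean, "readme.txt"), "w") as fh:
        fh.write("ordinary text file\n")
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for directory, hits in triage(tmp).items():
            print(directory, len(hits["encrypted"]), "encrypted; notes:", hits["notes"])
```

The per-directory output gives a restore list to check against backups, and directories with notes but no encrypted files are deliberately left out of the report.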
