Threat Database Ransomware XRatLocker Ransomware

XRatLocker Ransomware

Ransomware is a subclass of malware that specializes in encrypting the user's files and then extorting its victims in exchange for the potential restoration of the locked data. The XRatLocker Ransomware is exactly that threat kind, as it displays little deviation from the typical ransomware behavior. If the threat manages to sneak itself onto the targeted system, it will initiate an encryption process that will render nearly all files stored there inaccessible. To mark the affected files, the XRatLocker Ransomware will append '.crypted' to their original names as a new file extension. Afterward, the malware will proceed to deliver its ransom note. The instructions will be contained inside Html files named 'how to recover files.html.' A copy of the ransom-bearing file will be dropped in each folder with encrypted files inside.

The instructions do not mention the exact sum that the hackers want to receive as a ransom. It does clarify that the encryption routine used a combination of the AES and RSA cryptographic algorithms. Furthermore, users are told that the money transfer needs to be completed via the Bitcoin cryptocurrency. Throughout the ransom note, the cybercriminals stress time and again that victims should initiate communication by sending a message to the '' If 24 hours pass without a response from the hackers, a secondary email address at '' Victims of XRatLocker Ransomware are not provided the chance to send any locked files to be decrypted for free as a demonstration of the hacker's ability to restore the data.

The full text of the ransom note delivered by XRatLocker Ransomware is:

'Your Key:
Encrypted files!
All your files are encrypted.Using AES256-bit encryption and RSA-2048-bit encryption.
Making it impossible to recover files without the correct private key.
If you are interested in getting is the key and recover your files
You should proceed with the following steps.
The only way to decrypt your files safely is to buy the Descrypt and Private Key software.
Any attempts to restore your files with the third-party software will be fatal for your files!
To proceed with the purchase you must send mail to if we don't respond within 24 hours, send mail to
relax all your files are safe
Wait be patient .. send mail to for recover all your data
send mail to
enter your ID KEY in the email subject
we will identify you from your id KEY
only mail address thrust is OR
to have your data again, let's ask for a bitcoin value, a simple donation

the only way to get your data back is by writing to us, do not forget when contacting send your id "Your KEY" in the subject of the email if i don't reply in 24 hours send mail to
Your Key:


Most Viewed