
XRatLocker Ransomware

Ransomware is a subclass of malware that specializes in encrypting the user's files and then extorting its victims in exchange for the potential restoration of the locked data. The XRatLocker Ransomware is exactly that kind of threat, as it displays little deviation from typical ransomware behavior. If the threat manages to sneak onto the targeted system, it will initiate an encryption process that renders nearly all files stored there inaccessible. To mark the affected files, the XRatLocker Ransomware appends '.crypted' to their original names as a new file extension. Afterward, the malware delivers its ransom note. The instructions are contained inside HTML files named 'how to recover files.html'. A copy of the ransom-bearing file is dropped in each folder that contains encrypted files.
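The two file-system markers described above can be used to scope which folders on a host or share were touched. The following is an added triage example, not part of the original entry or of any vendor tool; the function names, the confidence labels and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "how to recover files.html"  # ransom note file name given in this entry
LOCKED_EXT = ".crypted"                  # appended extension given in this entry


def triage(root):
    """Return {directory: {"note": bool, "locked": [names]}} for each hit."""
    hits = defaultdict(lambda: {"note": False, "locked": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # compare case-insensitively, as Windows does
            if lower == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                hits[dirpath]["locked"].append(name)
    return dict(hits)


def confidence(info):
    """Assumed scoring: the extension alone is a weak signal, the pair is strong."""
    if info["note"] and info["locked"]:
        return "high"
    return "medium" if info["note"] else "low"


def original_name(locked_name):
    """Strip the appended extension to get the pre-encryption file name."""
    return locked_name[: -len(LOCKED_EXT)]


def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    affected = os.path.join(root, "Documents")
    clean = os.path.join(root, "Music")
    os.makedirs(affected)
    os.makedirs(clean)
    for folder, name in ((affected, "report.docx.crypted"),
                         (affected, "How To Recover Files.html"),
                         (clean, "song.mp3")):
        open(os.path.join(folder, name), "w").close()
    return affected, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in sorted(triage(tmp).items()):
            names = [original_name(n) for n in info["locked"]]
            print(confidence(info), folder, names)
```

The per-folder list of original names gives a restore checklist to compare against backups.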

The instructions do not mention the exact sum that the hackers want to receive as a ransom. They do state that the encryption routine used a combination of the AES and RSA cryptographic algorithms. Furthermore, users are told that the money transfer needs to be completed via the Bitcoin cryptocurrency. Throughout the ransom note, the cybercriminals stress time and again that victims should initiate communication by sending a message to 'recupes@tutanota.com'. If 24 hours pass without a response from the hackers, victims are told to write to a secondary email address, 'chickenfried@keemail.me'. Victims of XRatLocker Ransomware are not given the chance to send any locked files to be decrypted for free as a demonstration of the hackers' ability to restore the data.

The full text of the ransom note delivered by XRatLocker Ransomware is:

'Your Key:
Encrypted files!
All your files are encrypted.Using AES256-bit encryption and RSA-2048-bit encryption.
Making it impossible to recover files without the correct private key.
If you are interested in getting is the key and recover your files
You should proceed with the following steps.
The only way to decrypt your files safely is to buy the Descrypt and Private Key software.
Any attempts to restore your files with the third-party software will be fatal for your files!
To proceed with the purchase you must send mail to recupes@tutanota.com if we don't respond within 24 hours, send mail to chickenfried@keemail.me
relax all your files are safe
Wait be patient .. send mail to recupes@tutanota.com for recover all your data
send mail to recupes@tutanota.com
enter your ID KEY in the email subject
we will identify you from your id KEY
only mail address thrust is recupes@tutanota.com OR chickenfried@keemail.me
to have your data again, let's ask for a bitcoin value, a simple donation

the only way to get your data back is by writing to us, do not forget when contacting send your id "Your KEY" in the subject of the email
recupes@tutanota.com if i don't reply in 24 hours send mail to chickenfried@keemail.me
Your Key:
'
