Xrom Ransomware
Cybersecurity researchers have identified a threatening malware variant belonging to the disreputable Dharma Ransomware family. The threat is tracked as the Xrom Ransomware and the potential damage it could cause to the infected devices is significant. Due to its uncrackable encryption routine, the files impacted by the threat may not be possible to restore without the necessary decryption keys.
Like most Dharma variants, Xrom also modifies the names of the files it locks. The threat will first attach an ID string generated specifically for the particular victim. Next, it will add an email address controlled by the attackers - 'money21@onionmail.org.' Finally, '.xrom ' will be appended as a new file extension. When all targeted file types have been processed, Xrom will deliver two ransom notes to its victims.
One will be dropped on the breached device as a text file named 'FILES ENCRYPTED.txt.' The message contained inside is extremely basic, simply telling the affected users to contact either the email from the file names or a secondary address at 'qazqwe@msgsafe.io.' A longer ransom-demanding message will be displayed in a pop-up window. However, the information provided to the victims is practically identical. The only difference is that the pop-up instructions end with several warnings.
The ransom note shown as a pop-up window reads:
'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email money21@onionmail.org YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:qazqwe@msgsafe.io
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The text file's content is:
'all your data has been locked us
You want to return?
write email money21@onionmail.org or qazqwe@msgsafe.io'
