'!XTPLOCK5.0 File Extension' Ransomware Description
Malware researchers discovered the '!XTPLOCK5.0 File Extension' Ransomware while investigating reports of files carrying a strange extension. Users reported seeing files with a '!XTPLOCK5.0' extension appended after the original file extension, and the data inside those files was inaccessible. Further investigation revealed that the '!XTPLOCK5.0 File Extension' Ransomware is delivered to users via spam email. A moderate level of social engineering skill was applied to make the spam messages look like they were sent by trusted companies such as Facebook, Amazon and PayPal.
The '!XTPLOCK5.0 File Extension' Ransomware may be a Successor to the MadLocker Ransomware
In-depth analysis of the code behind the '!XTPLOCK5.0 File Extension' Ransomware brand led to interesting discoveries. Security researchers noted that the '!XTPLOCK5.0 File Extension' Ransomware uses the same naming scheme and the same self-destruct mechanism as the MadLocker (a.k.a. DMALocker) Ransomware. When the '!XTPLOCK5.0 File Extension' Ransomware completes the encryption process, it is programmed to delete its own files and drop a ransom note named 'cryptinfo.txt' on the victim's desktop. The encryption engine of the '!XTPLOCK5.0 File Extension' Ransomware is known to combine the AES and RSA ciphers to lock files on local and network drives. The primary executable of threats like the JohnyCryptor Ransomware and the APT Ransomware is usually found in the hidden Temp folder, so the '!XTPLOCK5.0 File Extension' Ransomware might likewise run as an executable with a random name from that directory. Encrypted files are reported to carry the '!XTPLOCK5.0' extension, and you may not be able to access information stored in the following formats:
.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.
The '!XTPLOCK5.0 File Extension' Ransomware does not Trigger a UAC Prompt and Runs with Limited Privileges
The '!XTPLOCK5.0 File Extension' Ransomware functions as an Encryption Trojan that runs without triggering a UAC (User Account Control) prompt, so it needs no elevated privileges and can run from guest accounts as well. The encryption process does not require a lot of CPU or memory, but users may notice intense read/write activity on their drives while it runs. As stated above, the note is named 'cryptinfo.txt' and carries a concise message. The operators of the '!XTPLOCK5.0 File Extension' Ransomware follow the pattern set by threats like the CryptoWall Ransomware and direct the victim to create a Bitcoin wallet. The next step is to purchase 2 BTC from services like localbitcoins.com and coinbase.com. Victims are expected to pay around 1270 USD (the note itself quotes 1200 USD) for the decryption software that is supposed to return their files to normal. The note reads as follows:
'Attention! ! !
All of your copies of your system have been permanently deleted and the data on all partitions and workstations have been encrypted!
You can recover all your data by making a payment of 2 BTC (1200 USD) in Bitcoin currency in order to receive a decryption key.
In order to purchase Bitcoins you can use www.coinbase.com
After buying BTC send the equivalent of 2 BTC (1200 USD) to our BTC address:
[34 random characters]
After payment contact us to receive your decryption key. In mail title write your unique ID: [23 bytes long ID]
Our e-mail: email@example.com'
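The indicators above (the '!XTPLOCK5.0' marker appended to file names, the 'cryptinfo.txt' note on the desktop, and the amount, address and victim ID inside the note) are what a responder sweeps a machine or share for before restoring from backup. The following Python script is an added example and is not code from this page or from the ransomware's authors: it builds a constructed victim directory, finds marked files, recovers each one's original extension, and parses the note into the fields that go into an incident record. It assumes that the marker is appended literally to the file name (with or without a separating dot), that the note is a UTF-8 text file, and that the 34-character address the page mentions is a legacy Base58 Bitcoin address; the address, victim ID and directory contents are made up for the demonstration, and the e-mail is the page's own redacted placeholder.

```python
import os
import re
import tempfile

# Marker the page reports appended after the original extension. Assumption
# (not stated on the page): it is appended literally, with or without a dot,
# so a locked file looks like 'report.docx!XTPLOCK5.0'.
XTPLOCK_MARKER = "!XTPLOCK5.0"
NOTE_NAME = "cryptinfo.txt"

# Constructed note following the layout quoted on the page. The BTC address
# and ID are made up and are not real indicators; the e-mail is the page's
# redacted placeholder.
SAMPLE_NOTE = """Attention! ! !
All of your copies of your system have been permanently deleted and the data on all partitions and workstations have been encrypted!
You can recover all your data by making a payment of 2 BTC (1200 USD) in Bitcoin currency in order to receive a decryption key.
In order to purchase Bitcoins you can use www.coinbase.com
After buying BTC send the equivalent of 2 BTC (1200 USD) to our BTC adress:
1ConstructedSampAddrNotUsedBTCxyz9
After payment contact us to receive your decryption key. In mail title write your unique ID: ID-CONSTRUCTED-0000001A
Our e-mail: email@example.com
"""

# Legacy Bitcoin addresses start with 1 or 3 and use the Base58 alphabet,
# which has no 0, O, I or l. The page says the note carries 34 characters;
# the range also accepts the shorter valid forms.
BTC_ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
AMOUNT_RE = re.compile(r"payment of ([0-9.]+) BTC \((\d+) USD\)")
VICTIM_ID_RE = re.compile(r"unique ID:\s*(\S+)")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def original_name(locked_name):
    """Strip the marker (and an optional separating dot) to recover the original file name."""
    base = locked_name[: -len(XTPLOCK_MARKER)]
    return base[:-1] if base.endswith(".") else base


def find_locked_files(root):
    """Return (path, original_extension) for every file under root that carries the marker."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(XTPLOCK_MARKER):
                ext = os.path.splitext(original_name(name))[1].lower()
                hits.append((os.path.join(dirpath, name), ext))
    return sorted(hits)


def find_notes(root):
    """Return every cryptinfo.txt under root; the page says it lands on the desktop."""
    return sorted(
        os.path.join(dirpath, name)
        for dirpath, _, files in os.walk(root)
        for name in files
        if name.lower() == NOTE_NAME
    )


def parse_note(text):
    """Pull the fields a responder records from the note; absent fields come back as None."""
    amount = AMOUNT_RE.search(text)
    addr = BTC_ADDR_RE.search(text)
    vid = VICTIM_ID_RE.search(text)
    mail = EMAIL_RE.search(text)
    return {
        "btc": float(amount.group(1)) if amount else None,
        "usd": int(amount.group(2)) if amount else None,
        "btc_address": addr.group(0) if addr else None,
        "victim_id": vid.group(1) if vid else None,
        "email": mail.group(0) if mail else None,
    }


def triage(root):
    """Summarise the sweep: locked-file count by original extension plus every parsed note."""
    locked = find_locked_files(root)
    by_ext = {}
    for _, ext in locked:
        by_ext[ext] = by_ext.get(ext, 0) + 1
    notes = []
    for path in find_notes(root):
        with open(path, encoding="utf-8", errors="replace") as fh:
            notes.append(parse_note(fh.read()))
    return {"locked_files": len(locked), "by_extension": by_ext, "notes": notes}


def build_sample_tree():
    """Create a constructed victim profile in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="xtplock_demo_")
    layout = {
        "Documents/report.docx!XTPLOCK5.0": b"\x00encrypted\x00",
        "Documents/budget.xlsx!XTPLOCK5.0": b"\x00encrypted\x00",
        "Pictures/holiday.jpg!XTPLOCK5.0": b"\x00encrypted\x00",
        "Pictures/notes.txt": b"untouched plain text",
        "Desktop/cryptinfo.txt": SAMPLE_NOTE.encode("utf-8"),
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

Run it as-is to see the summary for the constructed tree, or point triage() at a mounted profile or share. The per-extension count is a quick check of whether the list above matches what was actually touched, and the parsed address and victim ID belong in the incident record, not in a wallet.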
Decryption Service should not be Expected from the Makers of Ransomware
Experts advise against paying the operators of the '!XTPLOCK5.0 File Extension' Ransomware and against contacting firstname.lastname@example.org. The coders behind the crypto malware are unlikely to deliver a working decryptor, since their aim is to extort money. A decryption service should not be expected from the makers of threats like the '!XTPLOCK5.0 File Extension' Ransomware and the Globe Ransomware, because they are con artists at the end of the day. Security experts recommend that users install a reliable anti-malware tool that can purge the '!XTPLOCK5.0 File Extension' Ransomware from the machine. The next step is to restore from clean backups on removable media such as USB thumb drives, CD/DVD disks and portable HDD storage. Services like Google Drive and Dropbox might also prove invaluable when restoring your data after an attack with the '!XTPLOCK5.0 File Extension' Ransomware. Such backups should allow you to recover comparatively fast, and you should back up your files regularly to keep your information safe.