XZZX Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 14
First Seen: April 20, 2021
Last Seen: March 2, 2022
OS(es) Affected: Windows

The XZZX Ransomware is an encryption ransomware Trojan that is used to extort computer users. The XZZX Ransomware is delivered to victims through spam email attachments or a variety of other means and, once installed, the XZZX Ransomware will encrypt the victim's files using a strong encryption algorithm. The XZZX Ransomware does this to take the victim's files hostage, forcing the victim to make a ransom payment so that a decryption key that is necessary to gain access to the encrypted files will be provided.

There’s Nothing New in the XZZX Ransomware Attack

The XZZX Ransomware is a variant of CryptMix, a family of ransomware that has been active in the past. PC security researchers observed the XZZX Ransomware’s attacks in the first days of November 2017. The XZZX Ransomware receives its name because, after encrypting the victim's files, it adds the file extension '.XZZX' to the files that it encrypts. The XZZX Ransomware will target user-generated files, which can include all types of audio and video files, images, texts, and numerous file types associated with commonly used applications. The XZZX Ransomware also makes changes to the victim's computer that prevent the victim from recovering the affected files using alternative means. For example, the XZZX Ransomware (like many other encryption ransomware Trojans) will delete the Shadow Volume Copies of the victim's files, making it impossible for victims to restore their files using this alternative method. The file types that threats like the XZZX Ransomware target in their attack are:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

How Cybercrooks May Profit from Threats Like the XZZX Ransomware

The XZZX Ransomware's purpose is to extract ransom payments from its victims. The people responsible for the XZZX Ransomware deliver a ransom note offering their 'decryption service' to the victim. The XZZX Ransomware's ransom note is contained in a text file named '_HELP_INSTRUCTION.txt,' which instructs the victims to contact the XZZX Ransomware's creators via email to receive further instructions. To date, the following email addresses have been linked to the XZZX Ransomware attacks:

  • xzzx@tuta.io
  • xzzx1@protonmail.com
  • xzzx10@yandex.com
  • xzzx101@yandex.com

Unfortunately, the XZZX Ransomware uses an encryption method that is quite secure, making it nearly impossible for victims to recover their files after an attack. However, it is not a good decision to contact the cybercrooks or pay the XZZX Ransomware ransom. In most cases, these people will not help computer users restore their files, and contacting them may leave the victim more exposed to further attacks (having already shown a willingness to pay the ransom).

Protecting Your Data from Threats Like the XZZX Ransomware

The best protection against the XZZX Ransomware and similar ransomware is to have file backups. Keeping your data backed up in the cloud, in secure locations that the Trojan can't encrypt or delete, means that computer users can restore their files after an attack and don't have any reason to pay the ransom that the people responsible for the XZZX Ransomware demand. Apart from file backups, computer users should also have a security program to remove the XZZX Ransomware infection itself.
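
Before restoring from backup, it helps to know which folders were hit. The following triage scan is an added example, not code from this page or from any security product; it uses the indicators named above (the '.XZZX' extension, the '_HELP_INSTRUCTION.txt' note and the listed contact addresses). The case-insensitive matching, the assumption that a note contains one of those addresses, and the sample file names are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from this page; case-insensitive matching is an assumption.
ENCRYPTED_EXT = ".xzzx"
NOTE_NAME = "_help_instruction.txt"
CONTACTS = ("xzzx@tuta.io", "xzzx1@protonmail.com",
            "xzzx10@yandex.com", "xzzx101@yandex.com")


def contacts_in(path, limit=65536):
    """Return the page's contact addresses found in the first `limit` characters of a note."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(limit).lower()
    except OSError:
        return set()  # unreadable note: it is still reported by name
    return {c for c in CONTACTS if c in text}


def scan_tree(root):
    """Walk `root`; report renamed files, ransom notes and the folders affected."""
    report = {"encrypted": [], "notes": [], "contacts": set(), "dirs": {}}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                report["dirs"][dirpath] = report["dirs"].get(dirpath, 0) + 1
            elif name.lower() == NOTE_NAME:
                report["notes"].append(path)
                report["contacts"] |= contacts_in(path)
    return report


def build_sample(root):
    """Constructed sample tree: two renamed files, one note, one untouched file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.XZZX", "photo.jpg.xzzx", "notes.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, "_HELP_INSTRUCTION.txt"), "w") as fh:
        fh.write("constructed note text: write to XZZX@tuta.io\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = scan_tree(tmp)
        for folder, count in sorted(result["dirs"].items()):
            print(f"{count} renamed file(s) in {folder}")
        print("notes:", result["notes"], "contacts:", sorted(result["contacts"]))
```

The scan only reads file names and note text, so it can be pointed at a mounted copy of an affected disk without changing anything on it.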
