Zixer2 Ransomware

First observed on April 3rd, 2017, the Zixer2 Ransomware is a ransomware Trojan that has infected computer users all around the world. Like many other recent ransomware Trojans, the Zixer2 Ransomware is being distributed through corrupted documents attached to spam email messages. These documents use macros to execute debased code and download and install the Zixer2 Ransomware on the victim's computer. The Zixer2 Ransomware is a new variant of the XORist Ransomware, a known ransomware Trojan that was first observed in March 2016. The Zixer2 Ransomware adds new obfuscation to this threat, as well as connecting to different Command and Control servers. PC security researchers haven't seen many variants in this ransomware family, with only two other known ransomware Trojans having been observed by PC security researchers to date. The Zixer2 Ransomware represents a significant threat to the victims' data, and it is important to take preventive measures to limit the damage in case of a Zixer2 Ransomware attack.

The Zixer2 Ransomware Lacks Problems Present on XORist

The Zixer2 Ransomware uses a combination of the AES and RSA encryption to make the victim's data inaccessible completely. Despite that the Zixer2 Ransomware seems to be an updated version of the XORist Ransomware, the con artists have fixed weaknesses in the XORist's code that had allowed for the release of a decryptor. In the case of the Zixer2 Ransomware, it is not possible to decrypt the files that have been infected in the Zixer2 Ransomware attack currently. However, it may be possible that a decryption utility may be released for the Zixer2 Ransomware eventually.

The Zixer2 Ransomware receives its name from the marker that is used to identify the files encrypted during the attack. The Zixer2 Ransomware adds the file extension '.zixer2' to the end of each file that has been encrypted. The Zixer2 Ransomware will encrypt all files on local drives as well as on external memory devices connected to the infected computer. In fact, our PC security researchers have observed that the Zixer2 Ransomware will even go as far as encrypting data on network shares and on portable media players connected to the infected computer, making it possible for the Zixer2 Ransomware infection to reach new targets. Once the Zixer2 Ransomware has encrypted a file, it will show up in the Windows Explorer as a blank icon and will be completely unreadable.

How the Zixer2 Ransomware may Extract a Ransom from the Victim

The purpose of the Zixer2 Ransomware attack is to prevent the victim from recovering the files. Apart from encrypting the victim's files, will also delete Shadow Volume Copies and other possible recovery options. The Zixer2 Ransomware will deliver its ransom note in the form of a text file which will be dropped on the infected computer's Desktop. This file, named 'HOW TO DECRYPT FILES.TXT' contains the following message:

'ATTENTION !
All Your Files Was Encrypted !
E-mail addresses: Datares@india.com'

Counteracting the Zixer2 Ransomware Infectio

Our malware analysts strongly advise computer users to avoid contacting the email address in the ransom note listed above. Instead, our PC security researchers strongly advise computer users to back up their files on the cloud or an external memory device. Paying the Zixer2 Ransomware ransom simply allows these criminals to continue carrying out these attacks and profiting at the expense of computer users. The criminals responsible for the Zixer2 Ransomware attack will rarely keep their promise to help computer users recover their data after the payment has been made, and inexperienced computer users will often find that their computer becomes repeatedly infected, requiring repayment each time. Instead of paying, our PC security researchers strongly advise computer users to have a reliable security program that is fully up to date, to handle all unsolicited email attachments with caution, and to always backup files on an external memory device or the cloud.