bH4T Ransomware

Posted: October 22, 2020

bH4T Ransomware Description

The XNMMP Ransomware is a file-locking Trojan that's an update to the CONTI Ransomware. The XNMMP Ransomware stops users from opening their files by encrypting them and offering the unlocking service for a ransom. Backups on other devices can help recover any files, although traditional cyber-security software should remove the XNMMP Ransomware from Windows PCs without issues.

2019's Black Hat Software Stays Out in the Field

Lasting long-term in the threat landscape isn't a given, especially for file-locker Trojans. It is therefore notable that malware researchers are monitoring a new variation of the CONTI Ransomware, one of the smallest families of these Trojans from 2019. The 2020 release is the XNMMP Ransomware, which improves the ransoming instructions while keeping the attacks that support them more or less the same.

The XNMMP Ransomware is still capable of blocking files with the archetypal attack of securely encrypting documents, pictures, spreadsheets, archives and other media. Changing extensions is a typical facet of these campaigns, and the XNMMP Ransomware continues the practice by adding the string from its name to the victimized files' names. Rewritten ransom notes are less frequent, but the XNMMP Ransomware's payload includes one.

The XNMMP Ransomware whimsically renames its ransom note to 'R3ADM3' and rewrites the contents to promote a TOR ransoming service, which provides anonymity to threat actors operating on the Web. Notably, the Trojan still identifies itself as the CONTI Ransomware. Users should be careful about paying ransoms to criminals, which can provoke attacks without necessarily getting them the help they need for data recovery.
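The two on-disk indicators described above (the appended extension and the 'R3ADM3' note) can be checked for during triage. The following is an added example, not code from the original page; the exact suffix `.XNMMP`, matching the note by file stem, and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumptions (not stated precisely on the page): the appended extension is
# ".XNMMP" and the note's file name is "R3ADM3" with any or no extension.
LOCKED_SUFFIX = ".xnmmp"
NOTE_STEM = "r3adm3"


def triage(root):
    """Return {directory: {"locked": n, "total": n, "note": bool}} for every
    directory under root that holds a renamed file or a ransom note."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        locked = sum(f.lower().endswith(LOCKED_SUFFIX) for f in files)
        note = any(Path(f).stem.lower() == NOTE_STEM for f in files)
        if locked or note:
            hits[dirpath] = {"locked": locked, "total": len(files), "note": note}
    return hits


def affected(hits):
    """Directories with both indicators: strongest sign the payload ran there."""
    return sorted(d for d, h in hits.items() if h["locked"] and h["note"])


def build_sample_tree(base):
    """Constructed sample data: one hit directory, one clean, one note-only."""
    layout = {
        "finance": ["q3.xlsx.XNMMP", "payroll.docx.XNMMP", "R3ADM3.txt"],
        "clean": ["notes.txt", "photo.jpg"],
        "stray": ["R3ADM3.txt"],
    }
    for folder, names in layout.items():
        (Path(base) / folder).mkdir()
        for name in names:
            (Path(base) / folder / name).write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        for d in affected(result):
            print(d, result[d])
```

Directories that hold only a note or only renamed files still appear in the `triage` result, so partially processed folders are not missed.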

Protecting Files from Trojans Big and Small

The XNMMP Ransomware's acronym has no readily apparent meaning, although malware researchers deem business entities most at risk of falling into the Trojan's victim demographics. Servers and networks with weak passwords can be breached through brute-force attacks, and out-of-date software poses further danger through its vulnerabilities. Admins should also restrict RDP access carefully and make sure that workers understand the risks of enabling documents' macros or advanced content.

More casually, all users should protect themselves by simple expedients like turning off JavaScript and Flash while browsing websites. In some cases, torrents, fake software updates, and illicit download links can provide exposure to file-locking Trojans like the XNMMP Ransomware. As usual, safe and law-abiding downloading behavior will stop these attacks before they start.

Malware analysts continue confirming the XNMMP Ransomware's compatibility with Windows systems only. Security products for that OS should delete the XNMMP Ransomware and stop any encryption feature from damaging files from the outset.

The XNMMP Ransomware is careful about its method of destroying files' backups while turning the originals into leverage for money. Those who don't have more money than sense would do well to save backups on more spaces than just their personal computer or face the repercussions.
