bH4T Ransomware Description
The XNMMP Ransomware is a file-locking Trojan that's an update to the CONTI Ransomware. The XNMMP Ransomware stops users from opening their files by encrypting them and offering the unlocking service for a ransom. Backups on other devices can help recover any files, although traditional cyber-security software should remove the XNMMP Ransomware from Windows PCs without issues.
2019's Black Hat Software Stays Out in the Field
Sticking it out in the threat landscape long-term, especially for file-locker Trojans, isn't a given. Thus, it's not insignificant that malware researchers monitor a new variation on the CONTI Ransomware – one of the smallest families of these Trojans from 2019. The 2020 release is the XNMMP Ransomware, which improves the ransoming instructions while keeping the attacks that support them more or less the same.
The XNMMP Ransomware is still capable of blocking files with the archetypal attack that securely encrypts documents, pictures, spreadsheets, archives and other media. Changes to extensions are a typical facet of these campaigns, and the XNMMP Ransomware continues the practice by appending the string from its name to the victimized files' names. Rewritten ransom notes are less frequent, but the XNMMP Ransomware's payload includes one.
The XNMMP Ransomware whimsically renames its ransom note as 'R3ADM3' and rewrites the contents to promote a TOR ransoming service, which provides anonymity to threat actors operating on the Web. Notably, the Trojan still identifies itself as the CONTI Ransomware. Users should be careful about ransoms and payments to criminals, which can provoke attacks without necessarily getting victims the help they need for data recovery.
Protecting Files from Trojans Big and Small
The XNMMP Ransomware's acronym has no readily apparent meaning, although malware researchers deem business entities at the most risk of falling into the Trojan's victim demographics. Servers and networks with weak passwords can experience breaches through brute-force attacks, along with the dangers that out-of-date software imposes through its vulnerabilities. Admins should also restrict RDP access carefully and make sure that workers understand the risks of enabling documents' macros or advanced content.
Malware analysts continue confirming the XNMMP Ransomware's compatibility with Windows systems only. Security products for that OS should delete the XNMMP Ransomware and stop any encryption feature from damaging files from the outset.
The XNMMP Ransomware is careful about its method of destroying files' backups while turning the originals into leverage for money. Those who don't have more money than sense would do well to save backups in more places than just their personal computer or face the repercussions.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to bH4T Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.