'.Mr-X666 File Extension' Ransomware

Posted: March 25, 2019

The '.Mr-X666 File Extension' Ransomware is a file-locking Trojan that can stop content such as documents, pictures or archives from opening. The name '.Mr-X666 File Extension' Ransomware is a working title and many AV vendors may use the moniker Mr-X666 Ransomware instead. Although it shouldn't impede any software-critical files, such as executables, or your operating system, it can keep more personal content hostage indefinitely. Users can back their files up on other devices for restoring and use anti-malware products for finding, blocking or uninstalling the '.Mr-X666 File Extension' Ransomware.

Mister 'X' is Coming for Your PC

Threat actors jumping on the Internet joke bandwagons for their campaigns' publicity isn't a new thing, although some of them are more current than others. In what could be a reference to the recent release of the zombie survival game, Resident Evil 2, the '.Mr-X666 File Extension' Ransomware is making appearances that, ironically, include cases of mistaken identity. Some security solutions, while identifying it as being a threat, are misinterpreting it as another variant of an important Ransomware-as-a-Service family – which could cause file-repairing problems for its victims.

The '.Mr-X666 File Extension' Ransomware is being mistaken for a Globe Imposter Ransomware member, possibly due to the similarity of its ransoming message to those of that family. However, malware analysts can confirm the use of a wholly different encryption routine, via SHA and RSA algorithms, for locking content like PDFs, JPGs and DOCs. The '.Mr-X666 File Extension' Ransomware also adds its extension onto their names but doesn't remove any already-present ones (for instance, 'kitten.jpg' would become 'kitten.jpg.Mr-X666').

The '.Mr-X666 File Extension' Ransomware places one Notepad ransoming message in each folder that contains encrypted and, therefore, hostage content. The text solicits future negotiations at one of two e-mail addresses, with the only oddity being its threat actor's use of an AOL account. In general, malware experts recommend submitting samples to trustworthy PC security researchers for their decryption analysis instead of paying for what could become a futile unlocking attempt.
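The naming behavior and per-folder note described above are enough to scope the damage on an affected machine. The following is an added example, not code from the original article or from any vendor: it walks a directory tree, lists files carrying the appended extension alongside their original names, and lists any text files in the same folders as candidate ransom notes. The function names, the sample folder layout and the treatment of every '.txt' file as a candidate note are assumptions, since the article does not give the note's file name.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".Mr-X666"  # extension the article says is appended to locked files


def original_name(name):
    """Return the pre-encryption file name, or None if the marker is absent."""
    if name.lower().endswith(MARKER.lower()) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None


def triage(root):
    """Map each affected folder to its locked files and candidate notes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted((f, original_name(f)) for f in files if original_name(f))
        if not locked:
            continue
        # Assumption: the article does not name the ransom note, so every .txt
        # file beside locked files is listed for manual review.
        notes = sorted(f for f in files if f.lower().endswith(".txt"))
        report[os.path.relpath(dirpath, root)] = {
            "locked": locked, "note_candidates": notes}
    return report


def demo():
    """Run triage over constructed, empty files that only mimic the naming."""
    layout = {
        "pictures": ["kitten.jpg.Mr-X666", "README.txt"],
        "docs": ["report.final.docx.mr-x666", "notes.txt.Mr-X666", "HELP.txt"],
        "clean": ["todo.txt", "setup.exe"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for folder, names in layout.items():
            (Path(tmp) / folder).mkdir()
            for name in names:
                (Path(tmp) / folder / name).touch()
        return triage(tmp)


if __name__ == "__main__":
    for folder, info in sorted(demo().items()):
        print(folder, info["locked"], info["note_candidates"])
```

Comparing the recovered original names against a backup catalog shows which files need restoring; the script only reads directory listings and changes nothing on disk.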

Sparing Your Files from Getting the Big X

The '.Mr-X666 File Extension' Ransomware's samples are, so far, providing insufficient evidence of how it could be in circulation. Malware experts can, despite that, confirm its installation on victims' PCs in Brazil. The English basis of its messages implies that the campaign isn't targeting that nation, in particular, and it could be reaching targets at random via brute-forcing or spam e-mails. The use of advanced passwords and safe Web-browsing habits is, accordingly, crucial to keeping your PC out of the way of any infection vectors.

Post-infection, decryption may or may not be possible for any data recovery. Users can prevent the '.Mr-X666 File Extension' Ransomware's taking their media hostage by saving files to appropriately-secure backup locations, such as peripheral devices. Since the initial assessments of its encryption security are not encouraging, a pre-infection backup should be the default recovery solution for virtually all victims of the Trojan's campaign. Most anti-malware products, also, may limit the damages by deleting the '.Mr-X666 File Extension' Ransomware or halting its installer.

Who else this 'Mister X' is coming for remains in flux. What's sure is that anyone considering their files worth money should invest just as much in their security and backup schedule as they would put into any ransom.