Xda Ransomware

Xda Ransomware Description

The Xda Ransomware is a new strain that appeared in late-October 2019. However, it is believed to be an offshoot of the Dharma/Crysis Ransomware clan. In accordance with older Dharma attacks, this new variant assigns a unique nine-character ID number to each victimized PC. The ID number is a random mixture of numbers and letters and forms the first part of the extension appended to each encrypted file. It is then followed by the email contact provided by the crooks behind the attack. A .xda appendix rounds out the whole thing so that it looks like this:
[File name].[File type].ID-XXXXXXXXX.[fullrestore@qq.com].xda.

The pattern outlined above is typical for all known Dharma/Crysis Ransomware infections, yet the contact email - fullrestore@qq.com - is new, as is the alternate email provided for further communication with the crooks beyond the first 24-hour deadline – fullrestore@protonmail.com. They give victims the right to send o file for decryption, which serves to prove that the hackers behind Xda Ransomware have a decryption tool fully capable of reversing the encryption, as well as urge affected users to pay the required ransom amount in exchange for that tool.

The complete text of the note can be seen below.

Ransom note title – FILES ENCRYPTED.txt and Info.Hta
'All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail admin@sectex.net
Write this ID in the title of your message [random characters]
In case of no answer in 24 hours write us to theese e-mails: admin@sectex.world
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt your files.

Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases, backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy Bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:

How Can I Buy Bitcoin?

• Do not rename encrypted files.
• Do not try to decrypt your data using third party software, it may cause permanent data loss.
• Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Xda Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Posted: October 29, 2019

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.