
Xolzsec Ransomware

Posted: August 28, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 126
First Seen: August 28, 2017
Last Seen: January 19, 2022
OS(es) Affected: Windows

The Xolzsec Ransomware is an EDA2-based Trojan that encrypts your files to block them. It contains no ransom-related components and no method for the victim to unlock their media. Victims may contact a security researcher for decryption assistance or use a backup to roll back to the non-encoded versions of their files. While you always should have appropriate security protocols for blocking this threat's installation, qualified anti-malware programs also may delete the Xolzsec Ransomware after an infection.

Trolling Your Files with a Happy Face

Another variant of the Turkish EDA2 program is now publicly available, both for illicit misuse and for the data-blocking infections that result from it. This version of Utku Sen's open-source project is being dubbed the Xolzsec Ransomware, with the GitHub website serving as a repository for its code. The threat actors responsible for this version of the Trojan also are collecting a small group of related projects, including blogging site exploits and other types of file-encrypting Trojans.

The Xolzsec Ransomware encodes any files fitting its internal list of target formats with an AES-based cipher, locking them from opening. The threat actor also chose to append a customized '.xolzsec' extension in the payload, which lets the victim identify the blocked content on sight. Other visible symptoms of the infection include pop-ups or wallpaper-hijacking attacks that display the Xolzsec Ransomware's equivalent of a ransom note: a troll face image with mocking, 'script kiddie' commentary.

The Xolzsec Ransomware is an unusual but not unheard-of member of the EDA2 family in that it omits any provision for decryption or ransom instructions. The Xolzsec Ransomware has no bundled decryption feature, and malware experts can connect no other unlocking-related functionality to this threat. It's possible that the Trojan is incomplete or that its deployment is meant for causing damage rather than for profit.

Escaping a File Locker that's not Giving You an Exit

A sweeping majority of file-encrypting Trojans try to profit, in some way, from their attacks. Most threat actors prefer requesting the Bitcoin currency in exchange for giving the victim a decryptor (which may not always work). However, the Xolzsec Ransomware lacks any such features and leaves its victims with no choice but to look for third-party help for decoding assistance. Although malware analysts recommend having backups that alleviate the dependency on a decryptor, EDA2 variants like the Xolzsec Ransomware also frequently are compatible with free decryption software.

As a public domain resource, much like EDA2, the Xolzsec Ransomware may use infection methods not yet verifiable by malware experts' current sources. These vectors can include any of the following examples:

  • Email attachments may hide installers for the Xolzsec Ransomware inside of what looks like document-based content.
  • Exploit Kits on hacked or hostile websites may install this threat, or others like it, through various exploits.
  • Threat actors also may circulate file-encrypting Trojans with misinforming names or bundle them with other installers.

Along with making backups a regular part of your PC work schedule, you can protect your files by identifying and removing the Xolzsec Ransomware before it finishes its encryption sweep. Most anti-malware programs have reasonable rates for detecting threats of the EDA2 family, which lacks any serious analysis protection.
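As an added example that is not part of the original write-up, the following Python triage helper uses the two symptoms described above (the appended '.xolzsec' extension and AES-encrypted, high-entropy content) to list files a sweep has already touched and recover their original names; the file paths and contents are constructed sample data, and the 7.0 bits-per-byte threshold is an assumption.

```python
# Added example (not from the original article): defender-side triage of files
# touched by the Xolzsec Ransomware, based on the '.xolzsec' extension and the
# high entropy that AES-encrypted content exhibits. Sample data is constructed.
import math
from collections import Counter

XOLZSEC_EXT = ".xolzsec"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: AES ciphertext approaches 8.0, plain text sits well below."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def triage(entries, entropy_threshold=7.0):
    """entries: iterable of (path, leading_bytes).

    Returns one dict per file carrying the ransomware extension, with the
    original file name recovered and a flag for whether the content looks
    encrypted (a renamed-but-plaintext file suggests an interrupted sweep).
    The threshold value is an assumption, not taken from the write-up."""
    hits = []
    for path, head in entries:
        if not path.lower().endswith(XOLZSEC_EXT):
            continue
        ent = shannon_entropy(head)
        hits.append({
            "path": path,
            "original_name": path[: -len(XOLZSEC_EXT)],
            "entropy": round(ent, 2),
            "looks_encrypted": ent >= entropy_threshold,
        })
    return hits

# Constructed sample: two renamed files with uniformly distributed bytes, one
# untouched document, and one renamed file whose content is still plaintext.
SAMPLE = [
    ("C:/Users/victim/Documents/report.docx.xolzsec", bytes(range(256)) * 2),
    ("C:/Users/victim/Pictures/holiday.jpg.xolzsec", bytes(range(256))[::-1]),
    ("C:/Users/victim/Documents/notes.txt", b"meeting at 10, bring slides " * 8),
    ("C:/Users/victim/Desktop/todo.txt.xolzsec", b"aaaaaaaaaaaaaaaaaaaaaaaa" * 8),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```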

As products of the imaginations and motivations of their programmers, Trojans always give their victims an escape hatch that's worth using. Whether it's better to be asked to pay an expensive ransom or have no ability to recover your files from the Xolzsec Ransomware is a theoretical exercise left to the reader.
