Xorist-TAKA Ransomware

Posted: September 17, 2020

The Xorist-TAKA Ransomware is a file-locking Trojan from Xorist Ransomware's family, which uses a 'freeware' Trojan-builder kit. It can stop users from opening their files by encrypting them, and its symptoms include changes to extensions and pop-up alerts with ransom instructions. Users should withhold ransoms, if practical, let their anti-malware services remove the Xorist-TAKA Ransomware infections, and recover from backups or freeware services.

A Trojan Heads to Bengal for Data Assault

What's perhaps a semi-targeted campaign against Bengali victims is just making itself known in the threat landscape. The Xorist-TAKA Ransomware is a variant of the well-known Xorist Ransomware family, which uses a Trojan-building tool that requires no programming knowledge. Besides its geographical niche, the Xorist-TAKA Ransomware also sets itself apart by how much it wants to make per victim, which is unexpectedly low.

The Xorist-TAKA Ransomware campaign is asking for under one hundred USD in ransom for each victim and, as such, is likely to see distribution on a broad and indiscriminate scale. Malware experts can confirm various features, as expected, from the Xorist Ransomware family, including data encryption for blocking files, hijacking the user's wallpaper, and creating a Windows dialog box as a pop-up alert. That both the pop-up and the e-mail address include Bengali is a noteworthy occurrence for its rarity among file-locker Trojans.

The Xorist-TAKA Ransomware's wallet has no payments to it. This fact isn't astonishing; the Xorist Ransomware family (see also the Crypto1CoinBlocker Ransomware, the Xorist-Frozen Ransomware, the Wannacry666 Ransomware, or ZoNiSoNaL Ransomware) uses one of the weaker encryption routines for such Trojans. It's possible that victims can recover their work with freeware decryption utilities, but all users should also have an external backup as a last resort.

Tending to Exotic Trojans from Pedestrian Sources

The Xorist-TAKA Ransomware's family is low in sophistication: it has few protections against cyber-security products flagging it and minimal 'bells and whistles' for further damaging or wiping data. However, even the Xorist-TAKA Ransomware's payload can harm most media files (or other formats that the attacker specifies) sufficiently that they can't open without decryption of questionable availability. Additionally, this version of the Xorist Ransomware family punishes victims who fail at the password too many times by destroying the recovery key.

Bengal includes both Bangladesh and West Bengal, but most file-locker Trojans have few limits on their encryption-using attacks. Windows users worldwide are at possible risk after exposure to the Xorist-TAKA Ransomware, which can occur through torrents, e-mail attachments or social messaging links. Precautions should include using strong passwords as a preemptive defense against brute-force attacks, and malware experts urgently recommend against any contact with illegal downloads like game cracks.

Windows-compatible dedicated anti-malware services are another highly effective means of protection against file-locker Trojans.

The ways criminals can use Trojan construction kits are even more varied than the hues of a rainbow, but stopping them requires simpler and more consistent steps. As long as there's a backup not at risk, the Xorist-TAKA Ransomware is harmless, helpless, and, hopefully, penniless.