
bH4T Ransomware

Posted: October 22, 2020

The XNMMP Ransomware is a file-locking Trojan that's an update to the CONTI Ransomware. The XNMMP Ransomware stops users from opening their files by encrypting them and offering the unlocking service for a ransom. Backups on other devices can help recover any files, although traditional cyber-security software should remove the XNMMP Ransomware from Windows PCs without issues.

2019's Black Hat Software Stays Out in the Field

Sticking it out in the threat landscape long-term, especially for file-locker Trojans, isn't a given. Thus, it's not insignificant that malware researchers are monitoring a new variant of the CONTI Ransomware, one of the smallest families of these Trojans from 2019. The 2020 release is the XNMMP Ransomware, which improves the ransoming instructions while keeping the attacks that support them more or less the same.

The XNMMP Ransomware can still block files with the archetypal attack: it securely encrypts documents, pictures, spreadsheets, archives and other media. Changing extensions is a typical facet of these campaigns, and the XNMMP Ransomware continues it by adding the string from its name to the victimized files' names. Rewritten ransom notes are less common, but the XNMMP Ransomware's payload does rewrite its note.

The XNMMP Ransomware whimsically names its ransom note 'R3ADM3' and rewrites the contents to promote a TOR ransoming service, which provides anonymity to threat actors operating on the Web. Notably, the Trojan still identifies itself as the CONTI Ransomware. Users should be wary of paying ransoms to criminals, since payment can encourage further attacks without necessarily getting them the help they need for data recovery.
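As an added illustration (not code from the original page or from any security vendor), here is a small Python scan a defender could run over a file listing to spot the two indicators just described: renamed files and the dropped note. The exact appended extension (assumed here to be '.XNMMP') and the note's file extension are assumptions, since the page gives only the strings.

```python
import ntpath
from collections import defaultdict

# Assumed indicators (the page names only the strings, not the exact format):
# the Trojan appends the string from its name as an extra extension, assumed
# to be ".XNMMP", and drops a ransom note whose stem is "R3ADM3" (any extension).
APPENDED_SUFFIX = ".xnmmp"
NOTE_STEM = "r3adm3"

def looks_encrypted(path):
    """True if the name carries the appended suffix on top of an original extension."""
    name = ntpath.basename(path).lower()
    if not name.endswith(APPENDED_SUFFIX):
        return False
    stem = name[: -len(APPENDED_SUFFIX)]
    # The original extension should survive before the appended one, e.g. report.docx.xnmmp;
    # a bare "XNMMP" file (no original extension) is not counted.
    return "." in stem and not stem.endswith(".")

def is_ransom_note(path):
    """True for R3ADM3, R3ADM3.txt, r3adm3.html and similar note filenames."""
    name = ntpath.basename(path).lower()
    return name.split(".", 1)[0] == NOTE_STEM

def scan_listing(paths):
    """Group indicators per directory: {dir: {"encrypted": count, "note": bool}}."""
    report = defaultdict(lambda: {"encrypted": 0, "note": False})
    for p in paths:
        d = ntpath.dirname(p)
        if looks_encrypted(p):
            report[d]["encrypted"] += 1
        elif is_ransom_note(p):
            report[d]["note"] = True
    return dict(report)

def flagged_dirs(report, min_files=1):
    """Directories holding a note, or a batch of renamed files even without a note."""
    return sorted(d for d, r in report.items() if r["note"] or r["encrypted"] >= min_files)

# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    r"C:\Users\alice\Documents\report.docx.XNMMP",
    r"C:\Users\alice\Documents\budget.xlsx.XNMMP",
    r"C:\Users\alice\Documents\R3ADM3.txt",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Share\invoices\inv-001.pdf.XNMMP",
    r"C:\Share\XNMMP",
]

if __name__ == "__main__":
    rep = scan_listing(SAMPLE)
    for d in flagged_dirs(rep):
        print(d, rep[d])
```

In practice the listing would come from a file-server audit or an EDR inventory, and a directory flagged with renamed files but no note is worth a look too, since the note may not have been written yet.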

Protecting Files from Trojans Big and Small

The XNMMP Ransomware's acronym has no readily apparent meaning, although malware researchers consider business entities the most likely victims. Servers and networks with weak passwords can be breached through brute-force attacks, and out-of-date software adds the danger of its unpatched vulnerabilities. Admins should also restrict RDP access carefully and make sure that workers understand the risks of enabling documents' macros or advanced content.

More generally, all users should protect themselves with simple measures like turning off JavaScript and Flash while browsing websites. In some cases, torrents, fake software updates and illicit download links can expose users to file-locking Trojans like the XNMMP Ransomware. As usual, safe and law-abiding downloading behavior will stop these attacks before they start.

Malware analysts continue to confirm that the XNMMP Ransomware is compatible with Windows systems only. Security products for that OS should delete the XNMMP Ransomware and stop its encryption feature from damaging files from the outset.

The XNMMP Ransomware is careful to destroy files' backups while turning the originals into leverage for money. Those who don't have more money than sense would do well to keep backups in more places than just their personal computer, or face the repercussions.
