
Xampp Locker Ransomware

Posted: February 10, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 51
First Seen: February 10, 2017
OS(es) Affected: Windows


The Xampp Locker Ransomware is a file-encryption Trojan that ransoms the data of your PC by encrypting it and selling the decryption service back to you. Con artists may use several methods of distributing these threats, although e-mail is the preferred installation platform against vulnerable business entities. Backing your files up to a location not susceptible to these attacks and keeping anti-malware security tools for deleting the Xampp Locker Ransomware at the earliest opportunity are the counter-tactics malware experts recommend.

The Name of Hidden Tear Continuing to be Not-So-Hidden

Trojans like the Hidden-Peach Ransomware and the UpdateHost Ransomware aren't the end of the Hidden Tear family, a formerly public example of Trojan code that is now being recycled by different threat actors. New samples with all of the same features, such as the Xampp Locker Ransomware, join the threat landscape on a weekly basis. As far as malware experts can determine, the Xampp Locker Ransomware still seems to be in its testing phase, since it encrypts only a sample directory that is unlikely to be present on most PCs.

Hidden Tear-based Trojans like the Xampp Locker Ransomware use AES encryption to block the files of a PC, with some variation according to which formats the extortionist is targeting (such as DOCs or JPGs). Current versions of the Xampp Locker Ransomware encrypt only the 'xampp\htdocs\' directory, presumably as a test payload. The Trojan also appends the '.locked' extension to each locked filename, as previously seen in efforts like the UpdateHost Ransomware's campaign.

Usually, the victims of these attacks can find ransoming instructions in a TXT file that the Trojan drops either on their desktops or in the same directory as the encrypted content. Traditional ransom demands use such methods as Bitcoin that can prevent you from recovering the money, even if the con artist accepts it without helping you unlock your files.
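The two artifacts described above (files renamed with the '.locked' extension under the 'xampp\htdocs\' tree, and a TXT ransom note dropped beside them) are enough to build a simple triage check for a web server. The following is an added example written for this page, not code from the original article or from the Trojan itself; the file listing is constructed, and the flagging threshold and the "note" heuristic are assumptions.

```python
import os
from collections import defaultdict

# Indicators taken from the description of the Xampp Locker Ransomware.
LOCKED_EXT = ".locked"          # extension appended to every encrypted file
NOTE_EXT = ".txt"               # ransom notes are dropped as TXT files
WEBROOT_HINT = "xampp/htdocs"   # only tree the current samples encrypt

def _split(path):
    """Normalise Windows or POSIX paths to lowercase 'dir', 'name' parts."""
    norm = path.replace("\\", "/").lower()
    directory, _, name = norm.rpartition("/")
    return directory, name

def triage_paths(paths, min_locked=2):
    """Group paths by directory and return those that look encrypted.

    A directory is flagged when it holds at least `min_locked` files with
    the '.locked' extension (threshold is an assumption).  Each flagged entry
    records the count, whether a TXT file sits in the same directory (a
    possible ransom note), and whether the directory is under xampp/htdocs.
    """
    by_dir = defaultdict(lambda: {"locked": 0, "note": False})
    for p in paths:
        directory, name = _split(p)
        if name.endswith(LOCKED_EXT):
            by_dir[directory]["locked"] += 1
        elif name.endswith(NOTE_EXT):
            by_dir[directory]["note"] = True
    return {
        d: {"locked": info["locked"], "note": info["note"],
            "in_htdocs": WEBROOT_HINT in d}
        for d, info in by_dir.items() if info["locked"] >= min_locked
    }

def triage_tree(root, min_locked=2):
    """Walk a real directory tree and apply the same triage to it."""
    paths = [os.path.join(dp, f) for dp, _, fs in os.walk(root) for f in fs]
    return triage_paths(paths, min_locked)

# Constructed listing resembling a test-payload infection; not real data.
SAMPLE_PATHS = [
    r"C:\xampp\htdocs\index.php.locked",
    r"C:\xampp\htdocs\config.php.locked",
    r"C:\xampp\htdocs\READ_ME.txt",
    r"C:\xampp\htdocs\img\logo.jpg.locked",
    r"C:\xampp\htdocs\img\banner.png.locked",
    r"C:\xampp\htdocs\img\photo.jpg.locked",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Documents\report.docx",
]
```

Running `triage_tree` against a live server root reports only directories that already hold encrypted files, so it is a post-incident scoping aid rather than a preventive control.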

The Easy Alternative to Paying for Your Possessions

Until malware researchers see attempts to spearhead installations of the Xampp Locker Ransomware into target systems, its distribution strategies are subject to speculation. However, its marketing as a server-specific ransoming tool makes it more likely than not that its threat actors will distribute it by cracking workstation passwords or sending spam to already-harvested e-mail addresses. Monitor your RDP settings, keep active firewalls, rotate your passwords, and scan e-mail attachments with appropriate anti-malware tools to catch the Xampp Locker Ransomware at its point of entry.

There is a decryptor for the Hidden Tear family that may make it unnecessary to pay the Xampp Locker Ransomware's admin before you can unlock your files. However, the frequent, minor revisions to the family can render old decryption solutions outdated. For a more reliable means of keeping your server's data safe, back it up to a drive not accessible to the Xampp Locker Ransomware's scans. Even if it poses no immediate threat to your information (for instance, because it targets an irrelevant folder), malware experts do recommend deleting the Xampp Locker Ransomware with anti-malware products, since it remains a general security hazard.

Unless con artists find new resources that accomplish the same extortion campaigns for even less effort, Hidden Tear isn't going to stop being a recurring favorite for file-encrypting Trojans. New samples like the Xampp Locker Ransomware only underline why every employee and casual PC user should be making backups a part of their daily routine.
