Xda Ransomware
The Xda Ransomware is a file-locking Trojan from the Dharma Ransomware sub-group of the Crysis Ransomware's family. This Ransomware-as-a-Service business creates captive files by encrypting them and sells the decryption solution afterward. Users with backups should find recovery simple, and most anti-malware programs should recognize and delete the Xda Ransomware.
Trojan Invasions with Optional Smartphone References on Top
Ransomware-as-a-Service's campaigns experience re-theming regularly, according to the imaginations of the threat actors who hire the RaaS for various durations. One family, the Dharma Ransomware, is showing a new version that might be targeting Android phone users – or just making fun of them. The Xda Ransomware is, in most respects, besides its name, a traditional variant of its family archetype.
The Xda Ransomware uses many of the attacks and features that are well-known throughout the RaaS industry and the Dharma Ransomware, including variant members like the DDOS Ransomware, the Wal Ransomware, the DharmaGate Ransomware and the also-recent Bot Ransomware. Particularly invasive features include:
- Deleting the Shadow Volume Copies (the Windows Restore Point backups).
- Encrypting digital media files with RSA-protected AES.
- Changing the names of encrypted files with 'xda' extensions.
- Creating ransom notes, such as HTA pages or TXT files.
Of particular note is the Xda Ransomware's seemingly randomly-chosen 'theme' for its campaign. XDA is a possible acronym referencing a smartphone model and associated Android technology community. While it's not unknown for file-locking Trojans' campaigns to include smartphone-based targets, it is unusual. However, malware researchers only can confirm 32-bit Windows samples of the Xda Ransomware, at this time.
Hanging Up on Trojan Campaigns
The ransom notes that the Xda Ransomware creates exemplify the financial motivation behind its attacks: gathering ransoms in return for a decryption service that the threat actor could withhold. Backup management is the best safeguard against having one's files locked, and malware experts also advise saving a backup to a separate device. While a free decryptor is available for the Dharma Ransomware, it only is compatible with older versions, not newer examples like the Xda Ransomware.
Unsafe server configurations and employee behavior are responsible for a majority of file-locking Trojans' successful attacks. Unexpected e-mail attachments may disguise themselves as invoices or articles and use embedded vulnerabilities and macros for dropping this threat. As an alternative, many threat actors will target victims using credentials that are weak against brute-forcing tools. Proper choices in passwords and interactions with downloads can prevent most such incidents.
Anti-malware services are identifying this Trojan at much better rates than those of the similarly-aged the Bot Ransomware, another member of this family. However, users always should use the latest versions of their security products for removing the Xda Ransomware accurately.
The Xda Ransomware might be coming for Android users soon, just like the qbx Ransomware – another version of its family. This Ransomware-as-a-Service's far-reaching aims are, however, consistently beatable by users with even the most basic backup managerial skills.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.