Author Topic: New XData ransomware spreads faster than WannaCry  (Read 286 times)


Offline Scarlett

« Reply #1 on: May 22, 2017, 08:16:30 AM »
New XData ransomware spreads faster than WannaCry
22 May 2017, 5:43 am



Following the emergence of the WannaCry ransomware attack campaign last week, another, possibly bigger outbreak is underway. The culprit? A new ransomware called XData.

It was spotted over the weekend by security researcher MalwareHunter. MalwareHunter is one of the people behind the ID-Ransomware service that enables users to submit ransomware samples for analysis. XData was submitted via the service.

The spread of XData across Ukraine has been so rapid that it has raised XData to the second most active ransomware strain, second only to the ever-dominant Cerber.



XData caught the attention of the team due to its rapid spread across Ukraine, where, in one day, XData claimed four times as many victims as the total for the entire week of WannaCry’s reign.



WannaCry has already infected hundreds of thousands of systems across the globe. But if you consider the current rate of XData infection in Ukraine, Russia and Germany, the global impact of XData would far outshine that of WannaCry.

Meet XData

The XData ransomware was initially spotted in May 2017, and while its distribution method is currently unknown, these are the files and processes currently found on an infected host:

mssql.exe

msdns.exe

msdcom.exe

mscomrpc.exe

XData utilises AES encryption to encrypt files, whose extension it changes to ~xdata~.

For example, a file named photo.png becomes photo.png.~xdata~.

Source: Bleeping Computer

Once the encryption process is complete, the following ransom note appears:

Source: Bleeping Computer

Unfortunately, at this stage, there is no way to decrypt files locked by the XData ransomware. Researchers will continue to look into this latest outbreak. We’ll keep you updated on any changes.




Source: Emsisoft Blog

>> To obtain the full Emsisoft article, click the link in the first post line <<
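
A host triage sketch built on the indicators listed in the article above (the `.~xdata~` extension and the four file/process names), added here as an example; it is not part of the original post or of Emsisoft's article. The function names and the sample directory and process list are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators as listed in the article above.
XDATA_SUFFIX = ".~xdata~"
XDATA_PROCESS_NAMES = {"mssql.exe", "msdns.exe", "msdcom.exe", "mscomrpc.exe"}


def original_name(path):
    """Return the pre-encryption file name, or None if the marker is absent."""
    name = os.path.basename(path)
    if name.lower().endswith(XDATA_SUFFIX) and len(name) > len(XDATA_SUFFIX):
        return name[: -len(XDATA_SUFFIX)]
    return None


def scan_tree(root):
    """Map each affected directory under root to (renamed_files, total_files)."""
    affected = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = sum(1 for f in files if original_name(f) is not None)
        if hits:
            affected[dirpath] = (hits, len(files))
    return affected


def suspicious_processes(process_names):
    """Return listed process names that match the article's file names.

    A name match is only a lead for further investigation, not proof.
    """
    return sorted({p for p in process_names if p.lower() in XDATA_PROCESS_NAMES})


if __name__ == "__main__":
    # Constructed sample data: a throwaway directory and a made-up process list.
    with tempfile.TemporaryDirectory() as root:
        for name in ("photo.png.~xdata~", "report.doc.~xdata~", "notes.txt"):
            open(os.path.join(root, name), "w").close()
        for directory, (hits, total) in scan_tree(root).items():
            print(f"{directory}: {hits}/{total} files carry {XDATA_SUFFIX}")
    print(suspicious_processes(["explorer.exe", "MSDNS.EXE", "svchost.exe"]))
```

The per-directory ratio gives a quick picture of how far encryption progressed on a share or volume, which helps decide what to restore from backup first.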

 

