Axxes Ransomware Steals and Encrypts Files


Axxes Ransomware is an exceptionally dangerous piece of malware, which has the ability to steal data from infected systems prior to encrypting the original copies. This way, the criminals behind the operation have two ways to extort their victim: promising to provide them with a decryptor for money, and threatening to publish their files online if they do not pay. Threats like the Axxes Ransomware often specialize in attacks against companies and institutions whose files are likely to contain sensitive data that they would not want to be available on the Internet, which makes them more likely to agree to pay the ransom sum.

The Axxes Ransomware infects systems via malicious email attachments, fake downloads, or other types of malware delivery mechanisms. Once the threat is active, it starts sending files to the hacker's server, while encrypting the original copies on the victim's device. Once it locks a file, it appends the '.axxes' suffix to its name.

The next step of the Axxes Ransomware attack is the creation of the ransom message 'RESTORE_FILES_INFO.hta'. This file tells victims that their data has been stolen and encrypted, and that the only way out of the situation is to pay a ransom fee. The crooks advise their victim to download the TOR browser in order to visit a TOR-based payment portal where they can find more details about the criminals' offer.
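The two file-system artefacts described above (the '.axxes' suffix and the 'RESTORE_FILES_INFO.hta' note) are enough to scope the damage on a share and build a list of files to pull from backup. The following is an added example, not part of the original article; the function names, the case-insensitive matching and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".axxes"             # suffix the article says is appended
RANSOM_NOTE = "RESTORE_FILES_INFO.hta"  # ransom note name given in the article

def triage(root):
    """Return {directory: {"note": bool, "encrypted": [original names]}}
    for every directory under root that holds at least one artefact."""
    report = defaultdict(lambda: {"note": False, "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # assumption: match case-insensitively
            if lower == RANSOM_NOTE.lower():
                report[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Strip the appended suffix to recover the pre-encryption
                # name, which is what has to be looked up in backups.
                report[dirpath]["encrypted"].append(name[:-len(ENCRYPTED_SUFFIX)])
    return {d: {"note": v["note"], "encrypted": sorted(v["encrypted"])}
            for d, v in report.items()}

def restore_manifest(report, root):
    """Flatten the report into sorted, root-relative paths to restore."""
    paths = []
    for directory, info in report.items():
        for original in info["encrypted"]:
            paths.append(os.path.relpath(os.path.join(directory, original), root))
    return sorted(paths)

def build_sample_tree(root):
    """Constructed sample data: empty files named as the article describes."""
    layout = {
        "finance": ["q1.xlsx.axxes", "q2.xlsx.axxes", RANSOM_NOTE],
        "hr": ["policy.pdf"],
        "eng": ["design.docx.AXXES", "notes.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in restore_manifest(triage(tmp), tmp):
            print("restore:", path)
```

Run it read-only against a mounted copy or snapshot of the affected volume rather than the live host, so that timestamps and other evidence are preserved.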

The Axxes Ransomware gang is likely to demand tens of thousands of dollars from its victims. Their 'data leak' page already has an 'auction' section, which implies that they will be releasing stolen files to the highest bidders, typically other cybercriminals.

Protect your company network from the Axxes Ransomware attack by using an up-to-date antivirus software suite and by keeping regular backups of your important files and documents.

April 28, 2022