Xaro Ransomware Joins Family of Djvu Offshoots

During our investigation of new malware submissions, our research team came across a ransomware program known as Xaro, which belongs to the Djvu ransomware family.

Upon running a sample of Xaro on our test machine, we observed that it encrypted files and modified their filenames by appending a ".xaro" extension. For instance, a file named "1.jpg" became "1.jpg.xaro," "2.png" turned into "2.png.xaro," and so on. Following the encryption process, a ransom note named "_readme.txt" was generated.
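The two artefacts described above, the appended ".xaro" extension and the "_readme.txt" note, are what a responder looks for first when triaging a machine. The script below is an added example written for this page, not code from the original article or from any vendor: it walks a directory tree, lists files carrying the extension together with the name they had before encryption, and flags "_readme.txt" files whose body contains one of the contact addresses quoted in the ransom note later on the page. The file names and the abridged note it builds in a temporary directory are constructed test data, not samples from a real infection. Filename matching is a heuristic; a ".xaro" suffix on its own proves nothing, which is why the note check is kept separate and both findings are reported side by side.

```python
import os
import shutil
import tempfile
from collections import Counter

# Artefacts observed in the sample described above (values taken from the page).
XARO_EXT = ".xaro"
NOTE_NAME = "_readme.txt"
# Contact addresses quoted in the ransom note on this page. Their presence in a
# _readme.txt is a cheap check that the file follows the Djvu template rather
# than being an unrelated file that happens to share the name.
NOTE_MARKERS = ("support@freshmail.top", "datarestorehelp@airmail.cc")

# Constructed sample data (abridged note text and made-up file names); none of
# this comes from a real infected host.
SAMPLE_NOTE = (
    "ATTENTION!\n"
    "Don't worry, you can return all your files!\n"
    "Price of private key and decrypt software is $980.\n"
    "To get this software you need write on our e-mail:\n"
    "support@freshmail.top\n"
    "Reserve e-mail address to contact us:\n"
    "datarestorehelp@airmail.cc\n"
)
SAMPLE_FILES = ["1.jpg.xaro", "2.png.xaro", "report.docx.xaro", "notes.txt", "xaro_readme.pdf"]


def build_sample_tree(root):
    """Create a constructed directory layout imitating a post-encryption state."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs, exist_ok=True)
    for name in SAMPLE_FILES:
        with open(os.path.join(docs, name), "wb") as fh:
            fh.write(b"\x00" * 16)  # file content is irrelevant to the scan
    # Djvu variants drop the note in every directory they touch; imitate that.
    for d in (root, docs):
        with open(os.path.join(d, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_NOTE)


def original_name(encrypted_name):
    """'1.jpg.xaro' -> '1.jpg'; returns None when the name has no .xaro suffix."""
    if not encrypted_name.lower().endswith(XARO_EXT):
        return None
    return encrypted_name[: -len(XARO_EXT)]


def is_djvu_note(path):
    """True when the first 8 KiB of the file contain one of the page's addresses."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(8192).lower()
    except OSError:
        return False
    return any(marker in text for marker in NOTE_MARKERS)


def scan(root):
    """Walk `root`; return encrypted files with their original names, matching
    ransom notes, and a histogram of the original extensions that were hit."""
    encrypted, notes, ext_hist = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            orig = original_name(name)
            if orig is not None:
                encrypted.append((path, orig))
                ext_hist[os.path.splitext(orig)[1].lower() or "<none>"] += 1
            elif name.lower() == NOTE_NAME and is_djvu_note(path):
                notes.append(path)
    return {"encrypted": encrypted, "notes": notes, "extensions": dict(ext_hist)}


def demo():
    """Build the constructed tree in a temp dir, scan it, clean up, return results."""
    root = tempfile.mkdtemp(prefix="xaro_demo_")
    try:
        build_sample_tree(root)
        return scan(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    result = demo()
    print(f"{len(result['encrypted'])} encrypted files, {len(result['notes'])} ransom notes")
    for path, orig in result["encrypted"]:
        print(f"  {os.path.basename(path)}  (was {orig})")
    print("affected original extensions:", result["extensions"])
```

Running the file directly prints a summary of the constructed tree; `scan()` can be pointed at a real volume (ideally a read-only forensic copy) and returns plain Python structures that can be fed into a ticket or a SIEM. It only identifies affected files and notes; it does not and cannot decrypt anything.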

It is worth mentioning that Djvu ransomware infections often occur alongside the RedLine and Vidar information stealers.

The ransom note dropped by Xaro tells the victim that their files have been encrypted and that the only way to restore them is to buy the decryption tool and the matching key from the attackers. The price is set at 980 USD, halved to 490 USD if the victim makes contact within 72 hours. The note also offers a free decryption test on a single file, meant to convince the victim that the tool works before any payment is made.

Xaro Ransom Note Copies Usual Djvu Template

Xaro's ransom note in full reads as follows:

ATTENTION!

Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-otP8Wlz4eh
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshmail.top

Reserve e-mail address to contact us:
datarestorehelp@airmail.cc

Your personal ID:

How Can Ransomware Like Xaro Infect Your Home Computer?

Ransomware like Xaro can infect your home computer through various methods. Here are some common ways:

Malicious email attachments: Cybercriminals may send deceptive emails that appear legitimate, containing attachments infected with ransomware. These attachments could be disguised as invoices, shipping details, or other seemingly important documents.

Phishing emails and websites: Phishing emails and fraudulent websites are designed to trick users into revealing sensitive information or downloading malicious files. Clicking on malicious links or downloading files from these sources can lead to ransomware infections.

Malvertising: Attackers may compromise legitimate online advertisements with malicious code. Clicking on these malicious ads can initiate the download and installation of ransomware on your computer.

Exploit kits: Exploit kits are malicious toolkits that target vulnerabilities in software. If your computer has outdated software with unpatched security flaws, visiting compromised websites or clicking on malicious links can trigger an exploit kit, leading to a ransomware infection.

Freeware and software cracks: Downloading software cracks, keygens, or pirated content from untrustworthy sources can expose your computer to ransomware. Cybercriminals often disguise ransomware within such downloads.

Drive-by downloads: Visiting compromised websites or clicking on malicious links can initiate drive-by downloads, where ransomware is automatically downloaded and installed on your computer without your knowledge or consent.

To protect your home computer from ransomware infections, it is essential to practice the following preventive measures:

  • Use reputable antivirus and antimalware software and keep it updated.
  • Regularly install security updates and patches for your operating system and applications.
  • Be cautious when opening email attachments, especially from unknown senders.
  • Verify the authenticity of websites before entering sensitive information or downloading files.
  • Avoid clicking on suspicious links or ads.
  • Only download software from trusted sources.
  • Back up your important files regularly and store the copies securely, preferably offline or in the cloud.
  • Educate yourself about the latest ransomware threats and stay informed about cybersecurity best practices.
May 17, 2023
