Xatz Ransomware Will Lock Almost All of Your Files


During our analysis of newly discovered malware samples, our research team identified the Xatz ransomware. Xatz belongs to the Djvu ransomware family: it encrypts data and demands payment to decrypt the files.

Upon running Xatz on our test system, we observed that it immediately initiated the encryption process on various files, altering their names by appending a ".xatz" extension. For instance, a file originally named "1.jpg" would become "1.jpg.xatz," while "2.png" would transform into "2.png.xatz," and so on. Once the encryption was completed, the ransomware proceeded to create a ransom note called "_readme.txt."

The ransom note left by Xatz informs the victim that their databases, documents, pictures, and other vital files have been encrypted. It further states that the only way to regain access to the locked data is by paying a ransom. The specified price for obtaining the decryption keys or software is $980 USD. However, there is an opportunity to reduce this amount by half ($490) if the victim contacts the attackers within a 72-hour timeframe. Additionally, the message assures the victim that they can test the decryption process on a single file before making any payment.
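The two artifacts described above (the appended ".xatz" extension and the "_readme.txt" note) are enough to inventory affected files on a disk or a mounted image. The following triage script is an added example, not part of the original analysis; the function names and the sample tree are constructed for illustration, and the marker phrases are taken from the ransom note quoted on this page.

```python
import os
import sys
from pathlib import Path

ENCRYPTED_SUFFIX = ".xatz"     # extension the article says is appended
NOTE_NAME = "_readme.txt"      # ransom note file name from the article
# Phrases taken from the ransom note text quoted on this page.
NOTE_MARKERS = ("$980", "$490", "Your personal ID:")


def looks_like_note(path):
    """True only if the file holds every marker, so benign readmes are skipped."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return False
    return all(marker in text for marker in NOTE_MARKERS)


def triage(root):
    """Walk root; return encrypted files with original names, and ransom notes."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and lower != ENCRYPTED_SUFFIX:
                encrypted.append((full, name[: -len(ENCRYPTED_SUFFIX)]))
            elif lower == NOTE_NAME and looks_like_note(full):
                notes.append(full)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes)}


def build_sample(root):
    """Constructed test tree: two renamed files, one note, two benign files."""
    root = Path(root)
    (root / "docs").mkdir(parents=True)
    (root / "1.jpg.xatz").write_bytes(b"\x00constructed")
    (root / "docs" / "2.png.xatz").write_bytes(b"\x00constructed")
    (root / "docs" / "report.txt").write_text("untouched file")
    (root / "_readme.txt").write_text(
        "Price is $980. Discount price is $490.\nYour personal ID:\nPLACEHOLDER-ID\n")
    (root / "docs" / "_readme.txt").write_text("Project notes, nothing else.")


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, original in result["encrypted"]:
        print(f"ENCRYPTED {path} (was {original})")
    for path in result["notes"]:
        print(f"NOTE      {path}")
```

The output is an inventory only: stripping the extension recovers the original file name for matching against backups, not the file contents.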

Xatz Ransom Note Matches Djvu Template

The full text of the Xatz ransom note reads as follows:


Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

How Can Ransomware Like Xatz Get Inside Your System?

Ransomware like Xatz can reach your system through several routes. The most common are:

Phishing Emails: Cybercriminals often employ phishing techniques to trick unsuspecting users into clicking on malicious email attachments or links. These emails may appear legitimate, such as invoices, shipping notifications, or messages from reputable organizations. Once you interact with the malicious content, the ransomware is downloaded and executed on your system.

Malicious Downloads: Ransomware can also be downloaded inadvertently from untrusted websites, peer-to-peer networks, or through software cracks and pirated content. Malicious files masquerading as legitimate software or media can contain hidden ransomware that activates upon execution.

Exploiting Software Vulnerabilities: Ransomware developers exploit security vulnerabilities present in operating systems, applications, or plugins. If you have outdated software that hasn't been patched with the latest security updates, cybercriminals can exploit these vulnerabilities to gain unauthorized access to your system and install ransomware.

May 16, 2023

