XznShirkiCry Ransomware Uses Bilingual Ransom Note

The ransomware known as XznShirkiCry came to our attention during our examination of malware samples. This malware encrypts data, modifies filenames by adding a specific extension, alters the desktop wallpaper, and generates a ransom note inside a file named "read_me.txt".

XznShirkiCry appends the string ".locked[payransom1@gmailcom][victim's_ID]" to filenames. For example, it transforms "1.jpg" into "1.jpg.locked[payransom1@gmailcom]id17666", "2.png" into "2.png.locked[payransom1@gmailcom]id17666", and so forth.

The ransom note notifies the victim that their operating system has been compromised by the XznShirkiCry virus. To regain access, the victim is instructed to pay a $5 ransom to a specified Bitcoin wallet and then reach out to the attackers via email (payransom1@gmail.com).

The note cautions against deleting the encrypted files or altering their extensions, as such actions would make decryption impossible. Additionally, the victim is assigned a unique ID necessary for the decryption process.
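The renaming pattern and note filename described above are enough to scope an infection from a file listing. The Python below is an added example, not code from the original article: it assumes the victim ID always takes the form "id" plus digits, as in the article's sample filenames, and the paths in the sample listing are constructed.

```python
import re
from pathlib import PureWindowsPath  # accepts both "\" and "/" separators

# Suffix from the article's examples; assumption: the ID is "id" followed by digits.
SUFFIX_RE = re.compile(
    r"^(?P<original>.+)\.locked\[payransom1@gmailcom\]id(?P<victim_id>\d+)$")
NOTE_NAME = "read_me.txt"  # ransom note filename given in the article


def classify(path):
    """Return ("encrypted", original_name, victim_id), ("note", name, None) or None."""
    name = PureWindowsPath(path).name
    m = SUFFIX_RE.match(name)
    if m:
        return ("encrypted", m.group("original"), m.group("victim_id"))
    if name.lower() == NOTE_NAME:
        return ("note", name, None)  # weak signal alone: the name is common
    return None


def triage(paths):
    """Summarise a listing: encrypted files, directories with a note, victim IDs."""
    report = {"encrypted": [], "note_dirs": set(), "victim_ids": set()}
    for p in paths:
        hit = classify(p)
        if hit is None:
            continue
        kind, original, victim_id = hit
        parent = str(PureWindowsPath(p).parent)
        if kind == "encrypted":
            report["encrypted"].append((parent, original))
            report["victim_ids"].add(victim_id)
        else:
            report["note_dirs"].add(parent)
    return report


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\user\Pictures\1.jpg.locked[payransom1@gmailcom]id17666",
    r"C:\Users\user\Pictures\2.png.locked[payransom1@gmailcom]id17666",
    r"C:\Users\user\Pictures\read_me.txt",
    r"C:\Users\user\Documents\notes.locked.txt",  # benign: suffix does not match
    r"C:\Users\user\Documents\report.docx",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(len(r["encrypted"]), "encrypted;", sorted(r["victim_ids"]), sorted(r["note_dirs"]))
```

Treat a "read_me.txt" hit as meaningful only when the same directory also contains files with the ransomware suffix, since the filename by itself is common.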

XznShirkiCry Ransom Note Composed in Russian and English

The full text of the ransom note generated by XznShirkiCry reads as follows:

Внимание!
Ваша ОС заражена вирусом XznShirkiCry, а все ваши файлы были зашифрованы.
Для того чтобы расшифровать ваши файлы, необходимо заплатить выкуп 5$ на BitCoin-кошелек. После этого написать на нашу электронную почту.
BitCoin-кошелек:17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
Электронная почта:payransom1@gmail.com
Важно! Зашифрованы файлы:
Не удалять
Не изменять расширение файлов
В случаи если вы удалите наш вирус или ваш антивирус его удалит, то расшифровка станет невозможна!!!
Ваш ID:17666. Данный ID понадобится для расшифровки.
English:
Attention!

Your OS is infected with the XznShirkiCry virus, and all your files have been encrypted.

In order to decrypt your files, you need to pay a $5 ransom to a BitCoin wallet.
After that, write to our email address.

BitCoin Wallet:17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV

e-mail:payransom1@gmail.com

Important! Encrypted files:
Do not delete
Do not change the file extension
If you delete our virus or your antivirus deletes it, then decryption will be impossible!!!

Your ID:- You will need this ID for decryption.

How Can You Protect Your Data from Ransomware?

Protecting your data from ransomware requires a combination of preventive measures, security practices, and preparedness. Here are essential steps to help safeguard your data against ransomware attacks:

Regular Backups:
Regularly back up your important data to an external drive, network-attached storage (NAS), or a cloud service.
Ensure that backups are automated, frequent, and stored offline to prevent them from being affected by the ransomware.

Update Software:
Keep your operating system, antivirus software, applications, and plugins up to date with the latest security patches.
Enable automatic updates when possible to ensure timely protection against known vulnerabilities.

Security Software:
Install reputable antivirus and anti-malware software to provide real-time protection against malicious threats, including ransomware.
Keep the security software definitions updated to detect and block the latest threats.

User Education:
Educate yourself and your team about phishing emails, malicious attachments, and suspicious links.
Be cautious when opening emails from unknown senders or clicking on links, especially if they seem unexpected or urgent.

Email Security:
Use email filtering solutions to identify and block phishing emails and malicious attachments.
Enable two-factor authentication (2FA) for email accounts to add an extra layer of security.

February 27, 2024