Xrom Ransomware Will Crunch Your Files

Xrom ransomware is a newly discovered strain of malware that encrypts files. It belongs to the broader family of ransomware clones based on Dharma ransomware code.

Like other ransomware, Xrom encrypts files on the victim's device and leaves them unusable. It targets media, document and archive file formats, as well as database files. Once encrypted, each file receives a multi-part extension containing the victim ID string, the email address used by the ransomware operator and the ".xrom" string.

This means that a file formerly called "document.doc" will be renamed to "document.doc.id-[alphanumeric string].[money21@onionmail.org].xrom".

The ransom note is dropped as a plain text file named "FILES ENCRYPTED.txt" and is also displayed in a pop-up window. The full ransom note reads as follows:

YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, follow this link:email money21 at onionmail dot org YOUR ID -

If you have not been answered via the link within 12 hours, write to us by e-mail:qazqwe at msgsafe dot io

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

There is no known decryption tool for the Xrom ransomware.
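For scoping an incident, the renaming scheme and note file name described above can be matched against a file listing. The following is an added example, not code from the original article; it assumes the square brackets around the email are literal and the victim ID is an alphanumeric string of unspecified length, and the sample paths and ID are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Pattern from the article: <original name>.id-<alphanumeric>.[<email>].xrom
# Assumption: the square brackets around the email are literal, and the
# victim ID is alphanumeric of unspecified length.
XROM_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[A-Za-z0-9]+)"
    r"\.\[(?P<contact>[^\]]+)\]\.xrom$",
    re.IGNORECASE,
)
NOTE_NAME = "files encrypted.txt"  # ransom note file name given in the article


def parse_xrom_name(filename):
    """Return original name, victim ID and contact for a renamed file, else None."""
    m = XROM_NAME.match(filename)
    return m.groupdict() if m else None


def triage(paths):
    """Summarise a file listing: renamed files per directory, IDs, note locations."""
    report = {"encrypted": Counter(), "victim_ids": set(),
              "contacts": set(), "notes": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            report["notes"].append(str(p.parent))
            continue
        hit = parse_xrom_name(p.name)
        if hit:
            report["encrypted"][str(p.parent)] += 1
            report["victim_ids"].add(hit["victim_id"])
            report["contacts"].add(hit["contact"].lower())
    return report


# Constructed sample listing (not real incident data).
SAMPLE = [
    r"C:\Users\alice\Documents\document.doc.id-1A2B3C4D.[money21@onionmail.org].xrom",
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[money21@onionmail.org].xrom",
    r"C:\Users\alice\Documents\FILES ENCRYPTED.txt",
    r"C:\Users\alice\Pictures\notes.xrom.bak",
    r"D:\db\orders.mdf.id-1A2B3C4D.[money21@onionmail.org].XROM",
]

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(dict(r["encrypted"]), r["victim_ids"], r["contacts"], r["notes"])
```

The per-directory counts show which shares and volumes were reached, and the recovered original names give a list of files to restore from backup.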

July 19, 2022