To streamline ransomware removal and recovery protocols, cybersecurity experts regularly scour the internet for new cryptovirological strains. During one such ransomware hunt, a group of malware experts stumbled upon a new strain that goes by the name XUY. The newly discovered strain is not related to any existing ransomware family.
As of now, little is known about the technical side of the ransomware. For instance, we don’t know which encryption module XUY uses to lock down the files, and the delivery method used by its operators is also unknown. After encryption, which appends the extension ‘.xuy’ to every file, a ransom note appears on the desktop.
According to the ransom note, the XUY operators demand 400 Euros in Bitcoins for the key needed for ransomware removal. Affected users have a tight deadline: the attackers give victims only 12 hours to contact them for the ransomware removal solution. The note also lists a Bitcoin wallet address to speed up the extortion payment.
Examination of an affected device suggests that XUY ransomware infects it with several malicious files. Besides the payload script, cybersecurity experts also found malicious files in some system folders (AppData, Windows, Roaming and Local). This means that, apart from a ransomware removal tool to recover their data, victims also have to disinfect the entire system to restore it to its original state.
Experts are still trying to determine the delivery method used by the XUY operators. However, there is a strong chance that the ransomware payload was mass-distributed through a spam email campaign. Users are therefore advised never to download or open unsolicited email attachments.