
DXXD Server Ransomware Remove and Decrypt Encoded Files

A ransomware virus specifically designed to attack systems running server operating systems, such as Windows Server 2012, has been detected causing infections and encrypting files on compromised servers. ESG malware researchers have reported that this may be a new type of file-encrypting ransomware, and the team behind it is believed to be an experienced one. If your server has been hit by DXXD, it is advisable to disconnect the server immediately and use the instructions in this article to remove DXXD and try to restore your files.

Threat Summary

Name: DXXD
Type: Ransomware
Short Description: The ransomware encrypts files with a strong cipher and demands a ransom payment for decryption.
Symptoms: Files are encrypted and become inaccessible. A ransom note with contact instructions is shown to the victim as a fake Windows security alert.
Distribution Method: Spam emails, email attachments, file-sharing networks.
Detection Tool: See if your system has been affected by DXXD with a malware removal tool.
User Experience: Join our forum to discuss DXXD Server Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files; it may not recover 100% of the encrypted files, only some of them, depending on the situation and whether or not you have reformatted your drive.

DXXD Ransomware – How Does It Infect

Since this threat is somewhat more sophisticated, it may target different organizations, which means the infection approach is not necessarily limited to malicious files spammed as e-mail attachments or URLs. The virus may also reach the server it targets via other malware, such as a Trojan horse or a botnet with downloader capabilities. It is also possible that the operators spreading the malware use a hands-on approach against organizations, meaning they may already have access to a compromised device.

DXXD Ransomware – How It Works

As soon as the ransomware payload is downloaded onto the infected computer, users may see a fake Windows Update screen with the following notification:

“Microsoft Windows Security Center. Dear Administrator, YOUR server is attacked by hackers.
For more information and recommendations, write to our experts by e-mail: [email protected]
or [email protected]
When you start, Windows Defender works to help protect your PC by scanning for malicious or unwanted software. And write to our experts by email: [email protected] or [email protected]”

The ransomware is also capable of locking down the server's entire network configuration, both incoming and outgoing.

To encrypt the files on a compromised computer, the DXXD virus first scans for a pre-configured list of file extensions, and if any of them match, it encrypts those files. ESG researchers report that the endangered file types are the following:

.png, .psd, .pspimage, .tga, .thm, .tif, .tiff, .yuv, .ai, .eps, .ps, .svg, .indd, .pct, .pdf, .xlr, .xls, .xlsx, .accdb, .db, .dbf, .mdb, .pdb, .sql, .apk, .app, .bat, .cgi, .com, .exe, .gadget, .jar, .pif, .wsf, .dem, .gam, .nes, .rom, .sav, .dwg, .dxf, .gpx, .kml, .kmz, .asp, .aspx, .cer, .cfm, .csr, .css, .htm, .html, .js, .jsp, .php, .rss, .xhtml, .doc, .docx, .log, .msg, .odt, .pages, .rtf, .tex, .txt, .wpd, .wps, .csv, .dat, .ged, .key, .keychain, .pps, .ppt, .pptx, .ini, .prf, .hqx, .mim, .uue, .7z, .cbr, .deb, .gz, .pkg, .rar, .rpm, .sitx, .tar.gz, .zip, .zipx, .bin, .cue, .dmg, .iso, .mdf, .toast, .vcd, .sdf, .tar, .tax2014, .tax2015, .vcf, .xml, .aif, .iff, .m3u, .m4a, .mid, .mp3, .mpa, .wav, .wma, .3g2, .3gp, .asf, .avi, .flv, .m4v, .mov, .mp4, .mpg, .rm, .srt, .swf, .vob, .wmv, .3d, .3dm, .3ds, .max, .obj, .bmp, .dds, .gif, .jpg, .crx, .plugin, .fnt, .fon, .otf, .ttf, .cab, .cpl, .cur, .deskthemepack, .dll, .dmp, .drv, .icns, .ico, .lnk, .sys, .cfg.

Although servers are reported to remain operational after a DXXD infection, malware researchers note that the files on them, including the databases, can no longer be opened and carry the “dxxd” suffix.
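As an added example (not code from the original article or from ESG), the following Python script turns the two behaviours described above, the “dxxd” suffix and the pre-configured list of targeted extensions, into a scope-triage check a responder can run against a disconnected server's file tree before deciding what to restore from backup. It assumes the suffix is appended to the original file name as ".dxxd" (or bare "dxxd") and uses only a constructed subset of the article's extension list.

```python
"""Scope triage for a server hit by DXXD-style ransomware (added example).

Walks a directory tree, identifies files carrying the "dxxd" suffix, infers
each file's original extension, and reports which targeted extensions are
still untouched.  Assumption: the suffix is appended as ".dxxd" or "dxxd".
"""
import os
import tempfile
from collections import Counter
from typing import Optional

# Constructed subset of the targeted extensions listed in the article.
TARGETED = {".pdf", ".xls", ".xlsx", ".sql", ".mdb", ".db", ".doc", ".docx",
            ".txt", ".zip", ".jpg", ".png", ".dll", ".exe", ".cfg"}
SUFFIX = "dxxd"


def original_name(name: str) -> Optional[str]:
    """Return the pre-encryption file name, or None if not a dxxd file."""
    if not name.lower().endswith(SUFFIX):
        return None
    stripped = name[:-len(SUFFIX)]
    return stripped[:-1] if stripped.endswith(".") else stripped


def triage(root: str) -> dict:
    """Summarise encrypted files vs. still-intact targeted files under root."""
    encrypted = Counter()   # original extension -> encrypted file count
    intact = Counter()      # targeted extension -> untouched file count
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                encrypted[os.path.splitext(orig)[1].lower()] += 1
            else:
                ext = os.path.splitext(name)[1].lower()
                if ext in TARGETED:
                    intact[ext] += 1
    return {"encrypted_total": sum(encrypted.values()),
            "encrypted_by_ext": dict(encrypted),
            "intact_targeted": dict(intact),
            # database files matter most on a server; flag them separately
            "db_files_hit": sum(encrypted[e] for e in (".sql", ".mdb", ".db"))}


def demo() -> dict:
    """Build a constructed sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.xlsx.dxxd", "customers.sql.dxxd",
                     "notes.txt.dxxd", "logo.png", "archive.zip", "readme.md"):
            open(os.path.join(root, name), "w").close()
        return triage(root)


if __name__ == "__main__":
    print(demo())
```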

Furthermore, once the encryption process has finished, the DXXD virus makes sure the victim receives its ransom message by instructing them to contact the attackers via Pidgin (a messenger program). After making contact, the following reply is received:

“Dear owner, bad news!!!!
Your SERVER {hacked}, and file’s {ENCRYPTED}!
If you need back files and recommendations,
to protect your file’s and server, write to e-mail:
{1} [email protected]
{2} [email protected]
If don’t answer on e-mail? Write to {jabber}:
what’s jabber?
GUIDE : {link to a guide on how to use Pidgin}
Program : {link to the official page of Pidgin}
Register account : {links to portals with XMPP support} or your custom.
Add me : [email protected]}
And so, write me.
Sorry.”

Decrypt Files Encrypted by DXXD Ransomware

Before decrypting files that were encoded by the DXXD virus, it is advisable to remove the malware completely from your computer. The best way to do this is to download an advanced anti-malware program that will automatically scan the memory and remove all files and other objects associated with the DXXD virus.

After removing the DXXD virus, you should begin decrypting the encoded files. To do this, it is strongly recommended to download the official decryptor released for the DXXD ransomware by malware researchers. You should be able to find a download link in step “2. Decrypt files encrypted by DXXD” below.

Manually delete DXXD from your computer

Note! Important notice about the DXXD threat: Manual removal of DXXD requires interfering with system files and registries and can therefore damage your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove DXXD files and objects
2. Find malicious files created by DXXD on your PC

Automatically remove DXXD by downloading an advanced anti-malware program

1. Remove DXXD with SpyHunter Anti-Malware Tool and back up your data
2. Decrypt files encrypted by DXXD
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
