DXXD Server Ransomware Remove and Decrypt Encoded Files - How to, Technology and PC Security Forum | SensorsTechForum.com


A ransomware virus that has been specifically designed to attack systems running server operating systems, such as Windows Server 2012, has been detected causing infections and encrypting files on compromised servers. ESG malware researchers have reported that this may be a new type of file-encrypting ransomware and that the team behind it is believed to be an experienced one. If your server has been hit by DXXD, it is advisable to disconnect it immediately and use the instructions in this article to remove DXXD and try to restore your files.

Threat Summary

Short Description: The ransomware encrypts files with a strong cipher and asks a ransom payoff for decryption.
Symptoms: Files are encrypted and become inaccessible. A ransom note with instructions for notifying the victim shows as a fake Windows security alert.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

DXXD Ransomware – How Does It Infect

Since this threat is more sophisticated and may target a variety of organizations, the approach to infection may not be limited to malicious files spammed as e-mail attachments or URLs. The virus may also reach the server it targets via other malware, such as a Trojan horse or a botnet with downloader capabilities. There is also the possibility that those spreading the malware use a hands-on approach to target organizations, meaning they may have physical access to a compromised device.

DXXD Ransomware – How It Works

As soon as the ransomware's payload is downloaded onto the infected computer, users may see a fake Windows Update screen with the following notification:

→’Microsoft Windows Security Center. Dear Administrator, YOUR server is attacked by hackers.
For more information and recommendations, write to our experts by e-mail: shellexec@protonmail.com
or null_ptr@tutanota.de
When you start, Windows Defender works to help protect your PC by scanning for malicious or unwanted software. And write to our experts by email: shellexec@protonmail.com or null_ptr@tutanota.de’

The ransomware is also capable of locking down the server's whole network configuration, both incoming and outgoing.

To encrypt the files on a compromised computer, the DXXD virus first scans for a pre-configured list of file extensions and encrypts any files that match. ESG researchers report that the targeted file types are the following:

→.png, .psd, .pspimage, .tga, .thm, .tif, .tiff, .yuv, .ai, .eps, .ps, .svg, .indd, .pct, .pdf, .xlr, .xls, .xlsx, .accdb, .db, .dbf, .mdb, .pdb, .sql, .apk, .app, .bat, .cgi, .com, .exe, .gadget, .jar, .pif, .wsf, .dem, .gam, .nes, .rom, .sav, .dwg, .dxf, .gpx, .kml, .kmz, .asp, .aspx, .cer, .cfm, .csr, .css, .htm, .html, .js, .jsp, .php, .rss, .xhtml, .doc, .docx, .log, .msg, .odt, .pages, .rtf, .tex, .txt, .wpd, .wps, .csv, .dat, .ged, .key, .keychain, .pps, .ppt, .pptx, .ini, .prf, .hqx, .mim, .uue, .7z, .cbr, .deb, .gz, .pkg, .rar, .rpm, .sitx, .tar.gz, .zip, .zipx, .bin, .cue, .dmg, .iso, .mdf, .toast, .vcd, .sdf, .tar, .tax2014, .tax2015, .vcf, .xml, .aif, .iff, .m3u, .m4a, .mid, .mp3, .mpa, .wav, .wma, .3g2, .3gp, .asf, .avi, .flv, .m4v, .mov, .mp4, .mpg, .rm, .srt, .swf, .vob, .wmv, .3d, .3dm, .3ds, .max, .obj, .bmp, .dds, .gif, .jpg, .crx, .plugin, .fnt, .fon, .otf, .ttf, .cab, .cpl, .cur, .deskthemepack, .dll, .dmp, .drv, .icns, .ico, .lnk, .sys, .cfg.

Although servers are reported to remain operational after a DXXD infection, malware researchers report that the files on them, including databases, can no longer be opened and carry the “dxxd” suffix.
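Scoping an incident usually starts with answering two questions: which files now carry the ransomware's suffix, and which files of the targeted types are still intact and should be backed up before anything else is touched. The script below is an added example, not code from the article or from any vendor tool it mentions. It assumes that DXXD appends ".dxxd" to the original filename (the article only states that encrypted files carry the "dxxd" suffix, so the exact form is an assumption), uses a subset of the extension list reported above, and builds a constructed directory tree so it runs offline.

```python
"""Triage helper for a suspected DXXD infection (added example, not from the article).

Assumption (not stated on the page): the ransomware appends ".dxxd" to the
original filename, so "report.xlsx" becomes "report.xlsx.dxxd".
"""
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

# Subset of the extension list the article reports DXXD targets.
TARGETED_EXTENSIONS = {
    ".png", ".psd", ".tif", ".pdf", ".xls", ".xlsx", ".accdb", ".db", ".dbf",
    ".mdb", ".sql", ".exe", ".dll", ".doc", ".docx", ".txt", ".csv", ".xml",
    ".zip", ".rar", ".7z", ".iso", ".jpg", ".gif", ".bmp", ".ini", ".cfg",
    ".asp", ".aspx", ".php", ".html", ".js", ".log", ".bat", ".sys",
}

ENCRYPTED_SUFFIX = ".dxxd"  # assumption: appended to the original name


def original_extension(name: str) -> Optional[str]:
    """Return the original extension of an encrypted file name, or None if the
    name does not carry the DXXD suffix. "" means the original had no extension."""
    if not name.lower().endswith(ENCRYPTED_SUFFIX):
        return None
    stripped = name[: -len(ENCRYPTED_SUFFIX)]
    return Path(stripped).suffix.lower()


def triage(root: str) -> dict:
    """Walk `root` and summarise the damage.

    encrypted:        number of files carrying the suffix
    by_extension:     Counter of original extensions of encrypted files
    untargeted:       encrypted files whose original extension is not on the
                      reported list (the list may be incomplete, or the file
                      was renamed for another reason; worth a closer look)
    intact_targeted:  files with a targeted extension and no suffix, i.e.
                      candidates for an immediate offline backup
    """
    by_ext: Counter = Counter()
    untargeted, intact_targeted = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = original_extension(name)
            if ext is None:
                if Path(name).suffix.lower() in TARGETED_EXTENSIONS:
                    intact_targeted.append(full)
                continue
            by_ext[ext] += 1
            if ext not in TARGETED_EXTENSIONS:
                untargeted.append(full)
    return {
        "encrypted": sum(by_ext.values()),
        "by_extension": by_ext,
        "untargeted": untargeted,
        "intact_targeted": intact_targeted,
    }


def build_sample_tree() -> str:
    """Create a constructed directory tree mimicking a partially encrypted
    share (sample data, not from a real incident)."""
    root = tempfile.mkdtemp(prefix="dxxd-triage-")
    layout = {
        "db/customers.mdb.dxxd": b"",
        "db/orders.sql.dxxd": b"",
        "docs/report.docx.dxxd": b"",
        "docs/notes.txt": b"still readable",
        "web/index.html.dxxd": b"",
        "misc/archive.bak.dxxd": b"",   # .bak is not on the reported list
        "misc/README": b"no extension",
    }
    for rel, content in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
    return root


if __name__ == "__main__":
    summary = triage(build_sample_tree())
    print(f"encrypted files: {summary['encrypted']}")
    for ext, n in summary["by_extension"].most_common():
        print(f"  {ext or '(no extension)'}: {n}")
    print("encrypted but not on the reported list:", summary["untargeted"])
    print("targeted type, still intact:", summary["intact_targeted"])
```

Run it against a mounted copy of the affected share rather than the live server, and treat the `intact_targeted` list as the first thing to copy to offline media; the `untargeted` list is the place to look when deciding whether the reported extension list needs extending for your environment.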

Furthermore, after the encryption process has finished, the DXXD virus makes sure the victim receives its ransom message by asking them to contact the attackers via Pidgin (a messenger program). After making contact, the following reply is received:

→“Dear owner, bad news!!!!
Your SERVER {hacked}, and file’s {ENCRYPTED}!
If you need back files and recommendations,
to protect your file’s and server, write to e-mail:
{1} shellexec@protonmail.com
{2} null_ptr@tutanota.de
If don’t answer on e-mail? Write to {jabber}:
what’s jabber?
GUIDE : {link to a guide on how to use Pidgin}
Program : {link to the official page of Pidgin}
Register account : {links to portals with XMPP support} or your custom.
Add me : {one_weak@rows.io}
And so, write me.”

Decrypt Files Encrypted by DXXD Ransomware

Before decrypting files encoded by the DXXD virus, it is advisable to remove the malware completely from your computer. The best method is to download an advanced anti-malware program that will automatically scan the memory and remove all files and other objects associated with the DXXD virus.

After removing the DXXD virus, you should begin decrypting the encoded files. To do this, it is strongly recommended to download the official decryptor released for the DXXD ransomware by malware researchers. You should be able to find a download link in step “2. Decrypt files encrypted by DXXD” below.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
