mcinn
My files were encrypted by XRTN Ransomware
« on: December 17, 2015, 02:53:55 pm »
According to security researchers, XRTN ransomware belongs to the family of Vaultcrypt ransomware, which was detected in March 2015.

XRTN ransomware uses RSA-1024 encryption in combination with the open source Gnu Privacy Guard (GnuPG) encryption. More information here: http://sensorstechforum.com/remove-xrtn-ransomware-from-your-machine/

Once infected, the victim will be shown an HTA document (with instructions) when Windows starts. The document also contains an email address to contact the cyber criminals – xrtnhelp@yande.ru.

Unfortunately, at this point recovering the decryption key is not possible. The ransomware is also designed to delete the Shadow Volume Copies, making restoring the encrypted data an impossible task. Unless, of course, you have regularly backed up your data.

Researchers also warn that the infection with XRTN Ransomware is triggered by opening a malicious email attachment.

If you have been attacked by the XRTN ransomware, please share your experience here.
« Last Edit: December 18, 2015, 09:17:06 am by mcinn »
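
The post above names two host-side traces: an HTA note shown at Windows startup and deleted Shadow Volume Copies. The following read-only triage script is an added example, not part of the original post. It assumes the note is launched from a Run key or a Startup folder (the post does not say which mechanism is used), and the function names are hypothetical.

```powershell
# Added example (not from the original post). Read-only triage.
# Assumption: the HTA note is launched from a Run key or a Startup folder;
# the post does not name the autostart mechanism XRTN uses.

function Get-HtaAutostart {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            # Match a direct .hta path or an mshta.exe command line
            if ($value -match '\.hta\b|mshta') {
                [pscustomobject]@{ Source = $key; Name = $name; Target = $value }
            }
        }
    }
    $startupDirs = [Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup')
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        Get-ChildItem -Path $dir -Filter '*.hta' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Target = $_.FullName }
            }
    }
}

function Get-ShadowCopyStatus {
    # Win32_ShadowCopy can only be queried from an elevated session
    try {
        $copies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop)
        "Shadow copies present: $($copies.Count)"
    } catch {
        "Shadow copies could not be queried (run elevated): $($_.Exception.Message)"
    }
}

$hits = @(Get-HtaAutostart)
if ($hits.Count -eq 0) {
    'No autostart entry launching an HTA file was found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
Get-ShadowCopyStatus
```

A count of zero shadow copies on a machine where System Restore was enabled is consistent with the deletion described in the post, but it is not proof on its own, since shadow copies may never have been created.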