SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Malware Removal Questions and Guides => Topic started by: mcinn on December 17, 2015, 02:53:55 pm

Title: My files were encrypted by XRTN Ransomware
Post by: mcinn on December 17, 2015, 02:53:55 pm
According security researchers, XRTN ransomware belongs to the family of Vaultcrypt ransomware, which was detected in March 2015.

XRTN ransomware uses RSA-1024 encryption in combination with the open source Gnu Privacy Guard (GnuPG) encryption. More information here: http://sensorstechforum.com/remove-xrtn-ransomware-from-your-machine/

Once infected, the victim will be shown a HTA document (with instructions) when Windows starts. The document also contains an email address to contact the cyber criminals – xrtnhelp@yande.ru.

Unfortunately, at this point recovering the decryption key is not possible. The ransomware is also designed to delete the Shadow Volume Copies, making restoring the encrypted data an impossible task. Unless, of course, you have regularly backed up your data.

Researchers also warn that the infection with XRTN Ransomware is triggered by opening a malicious email attachment.

If you have been attacked by the XRTN ransomware, please share your experience here.