![]() ![]() For example, foobar.doc would be renamed. The ransomware adds the word 'encrypTile' into a file name. ![]() Avast then spotted a new, final version of this ransomware now using AES-128 encryption, creating a key that is constant for a given PC and user. ![]() You will find it listed in the following folders C:, C:\ProgramData, and Desktop. EncrypTile is a ransomware strain first observed in November of 2016. This particular file will contain the ransom note that will be like the example shown in the screenshot below. It will add the ".~xdata~" extension to any encrypted files and within one of those encrypted files, the text file "HOW_CAN_I_DECRYPT_MY_FILES.txt" will be found. XData utilizes the Eternal Blue exploit to spread itself and infect other machines. All the Avast Decryption Tools are available in one zip here. Avast Decryption Tool for XData will decrypt files that have been targeted by the XData ransomware, which is a derivative of the AES_NI strain of ransomware. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |