Avast releases a new ransomware decryption tool for XData ransomware.
XData ransomware was discovered in mid-May and now, two weeks later, we have released a free decryption tool that victims can use to recover their data.
XData shares some similarities with the WannaCry ransomware that spread around the world. XData started spreading shortly after the WannaCry outbreak and has also been infecting machines by taking advantage of the EternalBlue exploit.
The spread of XData was definitely not as massive as that of WannaCry, but it still made an impact. As originally reported by the MalwareHunterTeam, it mainly targeted users in Ukraine.
Here are stats of blocked XData attacks on our userbase:
Stats from 2017-05-18 to 2017-05-31
Taking a closer look at XData’s code, we found that it is almost identical to another recent ransomware strain called AES_NI, for which we also have a free decryption tool. This code similarity is not an accident: AES_NI’s code was allegedly stolen from its authors by the operators of XData.
After infecting a machine, XData adds the ".~xdata~" extension to the encrypted files and drops the payment instructions in files named "HOW_CAN_I_DECRYPT_MY_FILES.txt".
Additionally, the ransomware creates a key file with a name similar to:
[PC_NAME]#9C43A95AC27D3A131D3E8A95F2163088-#-20175267812-78.key.xdata in the following folders:
To further copy AES_NI’s authors, who released the decryption key last week, the criminals behind XData also released their decryption key yesterday.
A special thanks goes to my colleague Ladislav Zezula for preparing this decryptor.
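The file-system artifacts described above (the ".~xdata~" extension, the ransom note name and the key file) can be inventoried before running a decryptor. The following is an added example, not part of the original post or the Avast tool; the key-file suffix pattern, the function names and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

ENCRYPTED_SUFFIX = ".~xdata~"                    # extension named in the article
RANSOM_NOTE = "HOW_CAN_I_DECRYPT_MY_FILES.txt"   # note file name from the article
# Assumption: key files end in ".key.xdata" as printed in the article;
# the tilde-wrapped form is accepted as well.
KEY_FILE_RE = re.compile(r"\.key\.~?xdata~?$", re.IGNORECASE)


def classify(name):
    """Return 'key_file', 'ransom_note', 'encrypted' or None for a file name."""
    lower = name.lower()
    if KEY_FILE_RE.search(lower):
        return "key_file"   # checked first: it may also carry the encrypted suffix
    if lower == RANSOM_NOTE.lower():
        return "ransom_note"
    if lower.endswith(ENCRYPTED_SUFFIX):
        return "encrypted"
    return None


def scan(root):
    """Walk root and group the paths of XData artifacts by kind."""
    found = {"key_file": [], "ransom_note": [], "encrypted": []}
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = classify(name)
            if kind:
                found[kind].append(os.path.join(dirpath, name))
    return found


def build_sample_tree(root):
    """Create a constructed sample tree of empty files for demonstration."""
    names = [
        "docs/report.docx.~xdata~",
        "docs/HOW_CAN_I_DECRYPT_MY_FILES.txt",
        "docs/notes.txt",
        "keys/DESKTOP-TEST#0000-#-0000-00.key.xdata",  # constructed name
    ]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in scan(tmp).items():
            print(kind, len(paths))
```

The scan only reads directory listings, so it can be pointed at a mounted forensic image or a backup copy without modifying the evidence.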