Bitcoin Ransomware Education – XData

It looks like the ransomware threat is only becoming more prominent over time. XData, a recently discovered type of malicious software, is causing a lot of problems in the Ukraine. Hundreds of computers have been infected successfully, and a lot of the victims were forced to pay the ransom. It is evident to the people behind this ransomware strain are trying to make their presence known.

Number of XData Infections Grows Exponentially

Security researchers all over the world are growing concerned over what the XData ransomware strain represents. To be more specific, the malicious software was spotted earlier this week. However, it seems the developers and distributors are upping their game. The number of successful infections across the Ukraine is four times higher compared to WannaCry. That is quite an amazing – and troublesome – feat.

To be more specific, no one knows for sure why this type of malicious software is growing so omnipresent all of a sudden. Considering how the Ukraine was the fifth-most affected target of WannaCry ransomware, it is remarkable XData infected four times as many computers. What is even stranger is how the software did so in such a short amount of time. This goes to show computers in this country have a serious security issue.

As if that isn’t enough to worry about, it appears XData is the second–most distributed ransomware over the past 24 hours. It is only marginally behind Cerber, which remains a very real threat that needs to be addressed sooner or later. It also appears the ransomware is now spreading to neighboring countries, as incidents have been reported across Russia, Germany, and Estonia. This is not a positive development by any means, though.

Similar to a lot of other ransomware types, XData uses AES encryption and renames file extensions to something more custom. As part of its encryption process, XData goes after local files and unmapped network shares. This type of behavior has become more prevalent among malicious software types as of late. Criminals want to cause as much damage as possible, after all.

Moreover, anyone infected with XData will need to contact the developers via email before they receive payment instructions. This type of behavior has also become quite popular as of late. Criminals no longer link Tor-based URLs for the payment page, but rather prefer to do things via email. This also means we have no idea how big the ransom is for the victims, although it is possible the number is somewhere close to the $250 range.

For the time being, getting rid of XData ransomware without paying the ransom or restoring files from a backup is virtually impossible. Security experts are analyzing the ransomware sample they obtained to reverse-engineer the software, but that process can take quite some time. It will be interesting to see if XData makes its way to other countries in the future, although it seems likely that will happen sooner or later.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.