Last month, people discovered that a ransomware variant circulated under the name of DXXD, targeted servers and encrypted files on them. However, for the peace of mind of those who have been affected, Michel Gillespie, who works as a security researcher, managed to analyze the malware and come up with a software that decrypted the files.
Even so, after he managed to do this, the developers of the ransomware quickly replied, modifying the algorithm and making it impossible to decrypt.
There’s nothing special about the DXXD ransomware though. When a system is infected, it adds a “dxxd” extension to each of the files it affects. For example, if you have a file called picture.jpg, its name will become picture.jpgdxxd after it is encrypted. The ransomware will lock up as many files on your computer as it can, including the network shares. You will only see a ReadMe.TxT file that gives you instructions on how to contact the developers through email and send them money in order to unlock your computer.
However, what is different compared to the other crypto-malware programs that are out there, is the fact that this one modifies a setting found in Windows Registry. The particular setting is replaced with one ransom note, instead of the legal notice that is usually shown when a user logs in on the computer.
Sadly, it seems that the ransomware developers of DXXD are not done yet. They registered an account at the Bleeping Computer, which is a website for computer security, and use it to tease their victims, in particular the few security researchers who try to find a decryption solution for the malware.Researchers already confirmed that DXXD’s developers created a newer version of the malware, which is even harder to crack, and they relied on a zero-day vulnerability in order to do that.
RELATED STORIES TO CHECK OUT: