The Xret Ransomware

Xret is a ransomware program that encrypts data and demands ransom for decryption. This threat has been spotted recently.


How it Spreads

The ransomware spreads through techniques such as fake torrent sites, URLs, and spam emails. Locked files are renamed with a ".XRET" extension; for example, a file named 'one[.]jpg' is renamed to 'one[.]jpg[.]XRET'. After this process, the ransomware drops a text file named "# XRET #[.]txt" and changes the desktop wallpaper.

The message on the wallpaper states that the victim's data is locked and that recovery requires contacting the attackers. The ransom note in the text file states that data has been stolen from the compromised system. Decryption requires paying a ransom, and the amount increases the longer the victim delays contacting the attackers. Stolen data is often used to pressure victims into paying, with the risk that the information will otherwise be leaked. However, this ransom note does not mention this threat. Victims can test free decryption on one file.


How it Succeeded

Ransomware groups use numerous attack vectors, such as spam emails and fake torrent sites, to compromise victims.


Recent Activity

Xret ransomware has been found targeting Windows-based systems. After infection, this threat asks victims to pay a ransom for decryption. Further, the victims cannot use locked files.


Indicators of Compromise

Encrypted Files Extension 

.XRET


Ransom Demanding Message

Text presented on the wallpaper 

# XRET #[.]txt


Filename

Xret[.]exe
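
The file-name indicators above can be checked against a file listing or an EDR file-event export. The following is an added example, not part of the original advisory; the function names (refang, classify, sweep) and the sample paths are assumptions constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath


def refang(indicator):
    """Turn a defanged indicator such as 'Xret[.]exe' back into 'Xret.exe'."""
    return indicator.replace("[.]", ".")


# Indicators as listed in the advisory, lower-cased (Windows names are case-insensitive).
ENCRYPTED_EXT = ".xret"
RANSOM_NOTE = refang("# XRET #[.]txt").lower()
EXE_NAME = refang("Xret[.]exe").lower()


def classify(path):
    """Return 'ransom_note', 'executable', 'encrypted' or None for one Windows path."""
    name = PureWindowsPath(path).name.lower()
    if name == RANSOM_NOTE:
        return "ransom_note"
    if name == EXE_NAME:
        return "executable"
    # Locked files keep their full original name and gain one more extension.
    if name.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
        return "encrypted"
    return None


def sweep(paths):
    """Group matching paths by indicator and count encrypted files per directory."""
    hits = {"ransom_note": [], "executable": [], "encrypted": []}
    per_dir = Counter()
    for path in paths:
        kind = classify(path)
        if kind is None:
            continue
        hits[kind].append(path)
        if kind == "encrypted":
            per_dir[str(PureWindowsPath(path).parent)] += 1
    return hits, per_dir


# Constructed sample listing (not taken from a real incident).
SAMPLE_PATHS = [
    r"C:\Users\alice\Pictures\one.jpg.XRET",
    r"C:\Users\alice\Pictures\two.png.xret",
    r"C:\Users\alice\Desktop\# XRET #.txt",
    r"C:\Users\alice\Downloads\Xret.exe",
    r"C:\Users\alice\Documents\xret-notes.txt",
]

if __name__ == "__main__":
    hits, per_dir = sweep(SAMPLE_PATHS)
    print(hits, per_dir.most_common())
```

File names are weak indicators because they are trivial to change, so a match is a lead for triage rather than confirmation; the per-directory count shows where encryption was concentrated.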


Action Required

For Security Advisories Services and further assistance, please don't hesitate to contact us:


Email: sales@r4im.com

Phone: 0529386413

We're here to help you stay secure and informed in the ever-changing landscape of cybersecurity.