XData is a new ransomware, which is wreaking havoc in Ukraine. Interestingly and more shockingly, it is spreading faster than WannaCry did.
A security researcher called MalwareHunterTeam, from ID-Ransomware service, which collects ransomware samples submitted by users, discovered over the weekend that XData is the 2nd most active ransomware, only behind CERBER, in Ukraine, with more than 95% of victims from the European nation.
But there are other Countries impacted by the new ransomware, including Russia and Germany. The alarming news is that while WannaCry's victims numbered to somewhere in the hundreds of thousands, XData with its high rate of spreading, could have an outbreak potentially much severe than than that of the former. It is unclear on what mode the ransomware is spreading through.
XData encrypts files to the .xdata format using an AES (Advanced Encryption System) based algorithm. So every file locked by this nasty malware will end with the file extension.
Emsisoft, a popular security firm from New Zealand, which makes excellent anti-malware and anti-virus software, reports that these are the process found on infected systems, which are impacted by XData.
- mssql.exe
- msdns.exe
- msdcom.exe
- mscomrpc.exe
Following the attack, XData displays a ransom note on the system, which has the text like in the picture here (courtesy: Bleeping Computer).
And, as with most new ransomware there is currently no way to decrypt files which are locked by the XData ransomware.