Xiaoba 2.0 Ransomware

What is Xiaoba 2.0 Ransomware?

No one wants to get infected with malware, let alone a ransomware program. However, there are users out there who have to deal with Xiaoba 2.0 Ransomware, and it's a nasty one. The program intends to rip you off by asking you to pay for a decryption key. However, it goes without saying that you should never do that. You need to remove Xiaoba 2.0 Ransomware as soon as possible, and then explore all the options to restore your files. You might have saved a lot of your data outside of your system without even realizing it, so there is no need to panic.

Where does Xiaoba 2.0 Ransomware come from?

As you can probably tell from the name, Xiaoba 2.0 Ransomware belongs to a group of similar infections. Our research team says that this program is the second version of the previously spotted XiaoBa Ransomware infection. These programs are known to pose as something else in order to target computers. In this case, the installer file for Xiaoba 2.0 Ransomware pretends to be an Adobe Flash Player installer file. So when users launch the file that installs this dangerous infection, they think that they are about to have the Adobe Flash Player on their system.

How does this installer file reach them? It usually happens through spam email. Spam email is the most common means of distribution employed by ransomware programs. While only very few spam emails eventually reach their targets, using spam email campaigns is very cheap, and that is why ransomware developers often choose to spread their programs through spam email attachments.

So when a spam email reaches you, it often looks like a legitimate message from some website. Perhaps it urges you to install an Adobe Flash Player to view a certain video that you received together with the mail. Either way, it is important to question random emails and attachments before opening them, because you can always check whether you were supposed to receive that message or not. Finally, if you think that you should try and open the received file, you can scan it with a security tool before you do it. If the file is malicious, then the security program of your choice will identify it immediately.

What does Xiaoba 2.0 Ransomware do?

It doesn’t take much to understand that when a program like Xiaoba 2.0 Ransomware enters your computer, you can pretty much say goodbye to the data on your hard drive. When the program is launched, it encrypts your files and then drops the ransom note in every single affected folder. When the encryption is complete, the program deletes itself, and you are left to deal with the consequences.

Of course, you will notice immediately that your files have been locked because their icons will change, and an extension will be appended to the filenames. Xiaoba 2.0 Ransomware adds this extension to every encrypted file: .[xiaoba_666@163.com]Encrypted_(random ID).XIAOBA. Thus, you will have no problem discerning the affected files.

Perhaps the most frustrating part about this infection is that the program deletes volume snapshots, so it is impossible to use Shadow copies to retrieve the files. It also disables the startup repair, and so unless you have your files saved on an external hard drive, it might not be possible to retrieve them.

Of course, you might think that you can still pay the ransom, and Xiaoba 2.0 Ransomware would give you the decryption key. However, that is very unlikely because the criminals behind this infection are more interested in getting the money and making a run for it. So please keep your money to yourself and look for other ways to get your files back.

How do I remove Xiaoba 2.0 Ransomware?

To get rid of this infection, you will have to delete the ransom notes that will be dropped in every single folder that contains encrypted files. Then, you should also check the locations where you save downloaded files and remove all the recently downloaded files, especially if you do not know what those files contain.

Finally, scan your computer with the SpyHunter free scanner and remove any other remaining malware files automatically. To avoid similar infections in the future, be sure to double-check the files you download from file-sharing websites and email attachments. Your system’s security is in your hands.

Manual Xiaoba 2.0 Ransomware Removal

  1. Delete all HELP_SOS.hta ransom note files.
  2. Press Win+R and type %TEMP%. Click OK.
  3. Delete HELP_SOS.vbs and the most recently downloaded files.
  4. Go to your Downloads folder.
  5. Remove the most recently downloaded files.
  6. Scan your system with a security tool.
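Before deleting anything by hand, it helps to inventory what the steps above refer to. The following is an added example, not part of the original article: a read-only Python scan that lists HELP_SOS.hta / HELP_SOS.vbs notes and files carrying the extension described earlier, and recovers each file's original name. The function names, the sample tree, and the assumption that the random ID contains no dot are illustrative.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators named in the article: ransom note files and the appended extension.
NOTE_NAMES = {"help_sos.hta", "help_sos.vbs"}
# Assumption: the "random ID" is any run of characters that contains no dot.
ENCRYPTED_RE = re.compile(
    r"^(?P<original>.+)\.\[xiaoba_666@163\.com\]Encrypted_(?P<id>[^.]+)\.XIAOBA$",
    re.IGNORECASE,
)

def triage(root):
    """Walk root without modifying it; return (ransom_notes, encrypted).

    ransom_notes: sorted list of paths to the HELP_SOS note files
    encrypted: dict mapping encrypted path -> (original file name, ID)
    """
    notes, encrypted = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = str(Path(dirpath) / name)
            if name.lower() in NOTE_NAMES:
                notes.append(path)
            elif match := ENCRYPTED_RE.match(name):
                encrypted[path] = (match.group("original"), match.group("id"))
    return sorted(notes), encrypted

def demo():
    """Run triage over a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        for name in (
            "report.docx.[xiaoba_666@163.com]Encrypted_A1B2C3.XIAOBA",
            "HELP_SOS.hta",
            "untouched.txt",
        ):
            (docs / name).write_bytes(b"constructed sample")
        notes, encrypted = triage(tmp)
        return ([Path(p).name for p in notes],
                {Path(p).name: info for p, info in encrypted.items()})

if __name__ == "__main__":
    found_notes, found_files = demo()
    print("ransom notes:", found_notes)
    for name, (original, victim_id) in found_files.items():
        print(f"{name} -> original name {original!r}, ID {victim_id!r}")
```

To use it on a real system, call `triage()` with the folder to check, for example the Downloads folder or the directory that %TEMP% resolves to.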

