What is Xzzx Ransomware?

Xzzx Ransomware is the newest variant of CryptoMix Ransomware. It was first detected at the end of November 2017, so we cannot say that it has already become a prevalent infection. The chances that you will ever encounter it are not very high, but you still need to be cautious if you do not want to find your files locked completely. It is most likely distributed like other ransomware-type infections, i.e., via spam emails, so stay away from these emails if you do not want to encounter this malicious application. If it is too late for prevention, i.e., you have already found this threat on your computer, you should delete it from your system without hesitation. Do not bother sending an email to the author of Xzzx Ransomware because you will be asked to pay a ransom for the decryptor. Since you cannot know whether you will be able to decrypt your files after transferring your money, you should not send the required money to crooks. Instead, eliminate the ransomware infection from your computer today. If you do not disable it, it will keep running on your computer because of the entry it creates in the Run registry key when it enters the system.

What does Xzzx Ransomware do?

Ransomware infections usually infiltrate computers unnoticed, but they do not stay in the background like some other malicious applications. They start performing the activities they have been programmed to do right away. Xzzx Ransomware does not work in the background either. After a successful entrance, it starts locking users’ files immediately. These files are encrypted using a strong cipher, and they are all marked with the .xzzx extension. Additionally, their names are changed to 32 random symbols; for example, your .jpg file with any name might become 0AE2C47210495B46345CAE8D130F3F8E.xzzx. Once users’ pictures, documents, music, and other files are encrypted, the ransomware infection also drops a ransom note, _HELP_INSTRUCTION.txt, to inform users what they need to do next. Unlike some other threats seeking users’ money, Xzzx Ransomware does not state a ransom demand in the note; instead, users are told to write an email to one of the email addresses provided “for specific information.” It uses the following emails:

  • xzzx@tuta.io
  • xzzx1@protonmail.com
  • xzzx10@yandex.com
  • xzzx101@yandex.com

Do not waste your time writing emails to cyber criminals if you are not going to send them your money. Instead, focus on the Xzzx Ransomware removal. Once you remove this infection, you can restore your files from a backup. Of course, this is possible only if you have backed up your data at least once.

Where does Xzzx Ransomware come from?

According to researchers at anti-spyware-101.com, Xzzx Ransomware usually infiltrates users’ computers when they open malicious attachments. Needless to say, they do not know that these attachments are malicious and, because of this, open them without suspicion. We do not blame those users who open them because these attachments are often disguised as important documents. We are sure future CryptoMix Ransomware versions will also be spread via spam emails, so be more careful from now on. First of all, do not open emails sent to you by unknown people and ignore their attachments. Second, it would be a smart move to install security software as well. Our security specialists say that users should be careful with their downloads too because they might download malware from the web by mistake as well. Active antimalware software on their systems would not allow them to make such a mistake.

How to remove Xzzx Ransomware

If you see files with the .xzzx extension, it means that you have Xzzx Ransomware on your system and need to delete it ASAP. This threat is quite sophisticated if we take into account all the modifications it makes in the system registry, so, unfortunately, we cannot promise that its removal will be problem-free. You will need to undo the changes made in the system registry and, on top of that, erase the files that belong to this infection one by one to delete it fully. You do not have to erase this malicious application from your PC manually; it can be deleted automatically as well. The final decision regarding its removal is yours.

Xzzx Ransomware removal guide

  1. Launch Run.
  2. Type regedit.exe and click OK.
  3. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Delete the randomly named value and the BC0EBCF2F2 value.
  5. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  6. Right-click the *BC0EBCF2F2 value and select Delete.
  7. Close Registry Editor and press Win+E.
  8. Remove BC0EBCF2F2.exe from %ALLUSERSPROFILE% and %ALLUSERSPROFILE%\Application Data.
  9. Remove the ransom note _HELP_INSTRUCTION.txt.
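
Before deleting anything by hand, the artifacts named in the steps above can be listed with a read-only PowerShell check. This is an added example, not part of the original guide; it assumes the randomly named Run value points at the same BC0EBCF2F2 executable and that affected files sit under the current user's profile.

```powershell
# Added example: read-only audit of the artifacts named in the removal guide.
# Nothing is deleted; review the output before removing anything.
$marker  = 'BC0EBCF2F2'             # value and file name given in the guide
$note    = '_HELP_INSTRUCTION.txt'  # ransom note name given in the article
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$findings = @(
    # Steps 3-6: autostart values. The RunOnce value name carries a leading '*'.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Assumption: the randomly named value launches the same executable,
            # so its data contains the marker even though its name does not.
            if ($name -like "*$marker*" -or $data -like "*$marker*") {
                [pscustomobject]@{ Type = 'RunValue'; Path = $key; Detail = "$name = $data" }
            }
        }
    }
    # Step 8: the dropped executable in both locations named in the guide.
    foreach ($dir in $env:ALLUSERSPROFILE, (Join-Path $env:ALLUSERSPROFILE 'Application Data')) {
        $exe = Join-Path $dir "$marker.exe"
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
            [pscustomobject]@{ Type = 'Executable'; Path = $exe; Detail = "SHA256 $hash" }
        }
    }
    # Step 9 and restore scoping: ransom notes and .xzzx files in the user profile.
    Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $note -or $_.Extension -eq '.xzzx' } |
        ForEach-Object {
            $type = if ($_.Name -eq $note) { 'RansomNote' } else { 'EncryptedFile' }
            [pscustomobject]@{ Type = $type; Path = $_.FullName; Detail = "$($_.Length) bytes" }
        }
)

# Summary by artifact type, then full detail for everything except encrypted files.
$findings | Group-Object Type | Select-Object Name, Count | Format-Table -AutoSize
$findings | Where-Object Type -ne 'EncryptedFile' | Format-List
```

The EncryptedFile count shows how much data has to come back from backup, and the SHA256 of the executable can be recorded before the file is removed.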
