Phobos Ransomware is an encrypting ransomware Trojan that was first observed on October 21st, 2017. In the years since, its operators have released a number of variants, and XHAMSTER Ransomware is one of the more troublesome ones.
If you periodically install applications from misleading and/or potentially unreliable third-party sites, you may unknowingly install malware like XHAMSTER Ransomware on your computer.
XHAMSTER Ransomware affects a wide range of file types, including documents, photos, PDFs, archives, databases, and many more. XHAMSTER Ransomware also modifies the original names of the locked files by adding a unique ID string generated for the particular victim. Additionally, the hackers add their ICQ account address (ICQ@xhamster2020) to the new filename. Finally, ‘.XHAMSTER’ will be appended as the new file extension.
Victims of XHAMSTER Ransomware are presented with two ransom notes. One is inside a text file named ‘info.txt.’ The other is displayed in a pop-up window created from an ‘info.hta’ file. The instructions in both notes are identical.
Unfortunately for victims, the ransom note doesn’t specify the exact amount that victims are suppose to pay. However, the note does say that the ransom amount depends on how fast victims establish contact with the attackers.
The eventually established ransom can only be paid in the Bitcoin cryptocurrency. The ransom note also instructs victims to send up to 5 files to be decrypted for free. Hackers tend to make this kind of offer to demonstrate their ability to unlock all of the affected data.
The total size of the files sent for decryption must not exceed 3MB, and the files should not contain any valuable information. Should the XHAMSTER Ransomware victims have any additional questions, they are directed to contact the same ICQ account added to the string of the encrypted filenames.
How Do I Deal with the XHAMSTER Ransomware Attack?
Although communicating with the hackers and paying their ransom demand may seem like the easiest way out of the situation, we never suggest that you interact with cybercriminals. Instead, in order to protect yourself from the XHAMSTER Ransomware attack, you should have a reputable malware remediation tool installed on your computer. That way, you can constantly scan for elements associated with this troublesome ransomware infection, as well as other malware. To mitigate the potential damage to your files, do not forget to back them up on an external hard drive or virtual cloud storage.