DXXD Ransomware Devs Mock Users With Fake Legal Disclaimers, Taunt Researchers In Support Forums

Getting hit with ransomware, a form of malware that encrypts your files and holds them hostage until you pay the hacker responsible to decrypt them, is no laughing matter, at least if you're the victim. But for cyber crooks becoming ever more brazen, the temptation to taunt victims and security researchers is sometimes too much. That's been the case with the person responsible for the DXXD ransomware.

DXXD is a nasty bit of code that's been going after servers for the past couple of weeks. Luckily there are good guys out there who act as security superheroes. One of them is Michael Gillespie, a dude who loves cats and also happens to be very good at analyzing ransomware. He often provides free decryptors to victims of ransomware, and he was successful in thwarting an early version of DXXD.

Ah, but security is often a game of cat and mouse, as any AV company will tell you. DXXD's author countered Gillespie's do-good effort by modifying the encryption algorithm. A few days after he did so, the hacker registered an account on BleepingComputer to brag about his new encryption scheme.

"Hello guys, how are you? Decrypt a new version??? (It's pre-alpha)," the hacker wrote, then followed up with another post claiming he was using a new zero-day vulnerability.

It's a jerk move, but one he can get away with for the moment, as Gillespie and other researchers have yet to come up with an antidote. The good news is they're working on it by analyzing the new malware for weaknesses. Should they find one, they'll release another decryptor for free.

"Therefore, if anyone is affected by the DXXD Ransomware, do not pay the ransom," BleepingComputer advises.

You'll know pretty quickly if your system gets infected. This particular strain takes the extra step of configuring a Windows Registry entry that's used to display a notice when you log into your PC. The notice lets owners and admins know that the PC in question has been compromised and provides a pair of email addresses to discuss the ransom.
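The article doesn't name the registry entry, but Windows has a well-known pair of values that produce exactly this kind of sign-in notice: the logon legal-notice caption and text under the system policies key. The script below is an added example, not code from the article or from the researchers it mentions, and it assumes DXXD's notice lives in those values. It audits them on a host, pulls out any email addresses, and flags wording typical of a ransom note, so an admin can sweep a fleet for the fake "legal disclaimer" before users start calling. The word list and email pattern are constructed heuristics, not indicators taken from the malware.

```powershell
# Added example: audit the Windows logon legal-notice values for a planted ransom note.
# Assumption: the notice DXXD shows at logon is stored in these policy values
# (the "Interactive logon: Message title/text" settings); the article does not say.

$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueNames = @('legalnoticecaption', 'legalnoticetext')

# Constructed heuristics for a ransom note posing as a logon banner: a contact
# address plus typical wording. Tune the word list to your environment.
$EmailPattern = '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
$SuspectWords = @('encrypt', 'decrypt', 'ransom', 'bitcoin', 'btc', 'payment')

function Get-LogonNoticeFindings {
    param(
        [string]$Key = $PolicyKey,
        # The banner your organisation deploys by policy, if any. Anything that
        # differs from it is reported, so a silently replaced banner is caught too.
        [string]$ExpectedText = ''
    )
    $findings = @()
    foreach ($name in $ValueNames) {
        $item  = Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
        $value = if ($item) { [string]$item.$name } else { '' }
        if ([string]::IsNullOrWhiteSpace($value)) { continue }   # value absent or empty: nothing shown at logon

        $emails = [regex]::Matches($value, $EmailPattern) | ForEach-Object { $_.Value }
        $words  = $SuspectWords | Where-Object { $value -match [regex]::Escape($_) }   # -match is case-insensitive

        if ($ExpectedText -ne '' -and $value -eq $ExpectedText) {
            $verdict = 'expected-banner'
        } elseif ($emails -or $words) {
            $verdict = 'suspect-ransom-note'
        } else {
            $verdict = 'unexpected-banner'
        }

        $findings += [pscustomobject]@{
            ValueName   = $name
            Content     = $value
            Emails      = ($emails -join ';')
            SuspectHits = ($words -join ';')
            Verdict     = $verdict
        }
    }
    return $findings
}

# Usage on the local host; pass -ExpectedText with your sanctioned banner if you have one.
Get-LogonNoticeFindings | Format-List
```

To sweep many hosts, wrap the call in `Invoke-Command -ComputerName` and collect the objects centrally; a `suspect-ransom-note` verdict is a strong signal that the host needs to be isolated and its other files checked. Clearing the values with `Remove-ItemProperty` only removes the message, not the encryption, so treat it as cleanup after containment rather than as a fix, and keep the note's contents (the email addresses in particular) for the incident record and for researchers working on a decryptor.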
