Lab

Ranstop blocks XiaoBa ransomware

Test subject – Xiaoba ransomware

Xiaoba has evolved from a simple ransomware to a file destroying coinminer. This is mainly due to some bugs in the code, but now is back with yet another version, which only encrypts files and demands a ransom to get them back, as any other ransomware does.

Discovered in October last year, we currently know of 4 versions, which primarily target Chinese speakers, but there is also an English version available. The previous variant was so buggy, that even though it did not encrypt files, it still destroyed most executables, because of their poor injection techniques. The scope of this variant was to make sure that whatever is launched, the coinminer is also executed.

Xiaoba ransomware test facts

The new version behaves like a classic ransomware, gathering user data, encrypting user files and demanding ransom. It appends .[BaYuCheng@yeah.net].china to the encrypted files. We have never seen a ransomware appending a country name to the attacked files. It is also very fast, encrypting many files in a very short time. Interestingly enough, the originally executed malware will duplicate itself, automatically launch the new copy and encrypt the original. We think the latest action is also a result of sloppy coding.

We currently do not know of any tools that will successfully decrypt the files without paying the ransom, which we will never recommend.

Xiaoba ransomware test results

TEMASOFT Ranstop detects Xiaoba ransomware easily once it starts processing files. Upon detection, the user is alerted, and the ransomware process is stopped and quarantined. The affected files are automatically recovered so that the user doesn’t lose her documents.


Click here to watch TEMASOFT Ranstop blocking Xiaoba ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023