In the aftermath of last week's WannaCry ransomware outbreak - which debilitated telecommunication companies and hospitals globally - comes a new threat: a malicious ransomware strain called XData. Currently XData seems to have targeted Ukraine specifically, unleashing about four times as many infections as WannaCry did in the country. A global spread of this strain would leave even more devastation than last week's WannaCrysis.
XData was first spotted by Malwarebytes security researcher Emphyrio, and the alarm was sounded by MalwareHunter, according to whom 95% of the victims of XData are from Ukraine, although victims are also visible in Russia, Germany and Estonia. Although signs of the threat are not yet visible in Botswana, knowledge of all new malware helps us implement better security protocols within our organisations.
While the distribution method for this XData campaign is currently unknown, what we do know is that XData shows a level of sophistication distinct from the WannaCry debacle. XData fully encrypts the files it claims and will also encrypt unmapped network shares. Once the encryption process ends, the ransomware drops a ransom note on the user's PC, usually a .txt file containing decryption/ransom information.
Currently there is no way to decrypt the files taken hostage by the XData ransomware without paying the ransom. However, we should see further updates on this threat as experts continue to research the strain.
Interestingly, XData does not specify an amount of money it requires to release hostage files. MalwareHunter speculates that the attackers may set the ransoms on a discretionary basis - depending on whether the victims are individuals or businesses.