[Virus/Malware Activity Report: Zxc Ransomware]

A breach believed to be in the form of Zxc ransomware has occurred,
so we would like to confirm the situation and provide a warning as follows.

Zxc ransomware

Zxc ransomware is a malicious malware virus that belongs to the VoidCrypt ransomware family.
The infection route is through email attachments, P2P file sharing sites, and malicious advertisements.
If you are infected with this ransomware, all system data will be encrypted, and you will be prompted to make a cryptocurrency payment to decrypt the encryption.
Once encrypted, all affected data files will have the appearance of ["original file name, hacker's email address, unique ID".zxc].
For example, the file [file.jpeg] is changed to [filefile name.extension.(private key)(hionly@tutanota.com).zxc].

Once this is done, the Decryption-Guide.HTA file will display a ransom note message in a pop-up window and drop into all the affected corrupted folders.

How it works

file version

[Figure 1 File version]

[Figure 2 File properties]

behavioral process

• Stop services for specific programs

  Stops specific SQL services to attack DB contents.

  
  [Figure 3 Stopping service for a specific program]

• Turn off firewall settings

  Disable firewall settings to make your PC less secure.

  
  [Figure 4 Disabling firewall settings]

Infection results

The guide files, Decryption-Guide.txt and Decryption-Guide.HTA, are created in each path. When encryption is performed, <existing name.existing extension. The files are changed to (private key)(hionly@tutanota.com).zxc>.

[Figure 5 Infection result 1]

[Figure 6 Infection result 2]

[Figure 7 Infection result 3]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 8 Block message]

[Figure 9 Block message]

Go watch the Zxc blocking video