[email protected] ransomware virus encrypts victims’ files and adds the .xtbl extension to them. Instead of dropping the typical for ransomware viruses ransom note asking for a specific amount in exchange for a decryption key, this one prompts its victims to send an email to [email protected] to negotiate the sum of get their files back after they have been completely scrambled.
Negotiating and paying the cyber crooks is not advised if you have been attacked by this virus or any other ransomware. Instead, read the article below to see how to remove it and then try to recover some of your files back.
How Is [email protected] Delivered into Your PC?
[email protected] is distributed via malicious executable attached in phishing emails which resemble a legitimate company, person, institution, organization, etc. to trick the victim into opening it.
The malicious executable may also be an Exploit Kit or JavaScript file masked as a legitimate .pdf ot Microsoft Office document so that many users would never recognize it as a trap.
How Does [email protected] Work?
Typical to .xtbl ransomware viruses, [email protected] downloads into the victims’ PC upon opening the malicious executable. Then, it may create malicious componets into some of the Windows folders, such as:
- %AppData%
- %Roaming%
- %Local%
- %Temp%
Then, [email protected] ransomware will scan the PC to locate files for encryption. The files it usually encrypts are:
“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”
Once encrypted, the virus will add the .xtbl extension to them.
The ransom note will then appear on the desktop with instructions. It says that the victim needs to send an email to the given address and negotiate a sum which he has to pay to the cyber criminals in order for them to send him a decryption key.
How to Remove [email protected] from Your PC
As we said before, never negotiate or pay the cyber criminals because this way you only encourage them to spread more ransomware viruses around. What’s even worse for you is that there’s never a guarantee that you’ll receive your files back even if you pay the demanded amount.
What we suggest then is to first remove [email protected] virus from your system and only then to try restoring some of your files back. Full recovery of files after encryption is rarely possible so make sure you back up you data so you won’t get attacked by nasty ransomware infections again.
To remove [email protected], make sure you use a powerful anti-malware tool that will scan your system, detect the malicious files and remove them safely and completely. If you try to manually remove the virus, you may worsen the situation, especially if you have no technical background.