XCrypt is a ransomware that runs on Microsoft Windows. XCrypt is not based on an open source code or part of a RaaS (Ransomware as a Service) service, but that it seems to have been created independently.


Once the XCrypt Ransomware has infected a computer, it will communicate with its Command and Control server and relay information about the infected computer, including its location and information about its configuration. The XCrypt Ransomware encrypts the victim's files using the AES 256 encryption, a method that's typical of these attacks. The files encrypted by the XCrypt Ransomware will not have their name or extension changed, although they will no longer be accessible by the victim's applications. The XCrypt Ransomware targets numerous file types, including databases, spreadsheets, Office documents, images, videos and numerous others. The XCrypt Ransomware delivers its ransom note in a file named 'Xhelp.jpg' that contains a ransom message in Russian, which is reproduced below in translation to English:

Your computer has been hacked! the XCrypt
All your files are now encrypted.
Unfortunately for you, the programmers and the police can not help you.
To decrypt, refer to the operator via ICQ.
IMPORTANT! Write down the number of our ICQ 714595302
The window is loaded on your desktop, but you can delete it and lose our contacts, thus lose all your files.
Icq 714 595 302
Community content is available under CC-BY-SA unless otherwise noted.