XAMPP Ransomware

Posted by Max Lehmann on February 14, 2017

What is XAMPP Ransomware?

XAMPP Ransomware is a new malware threat on the web that means real danger for those who work with PHP, such as software developers. As a matter of fact, this ransomware may not be a final version since it only seems to attack one directory specific to PHP development and encrypts a few extensions only. Of course, this could be a terrible loss for you if you are a programmer and do not have a backup on a removable drive. Another strange thing about this Italian language malware program is that it only demands a few euros in return for the decryption key. In any case, we do not advise you to pay up because there is no guarantee that you would get this key and that you could recover your files. But, if you want to use your computer without security threats, we suggest that you act now and remove XAMPP Ransomware ASAP. test test

Where does XAMPP Ransomware come from?

This vicious program remains true to its predecessors and follows them in their footsteps in the sense that it also mainly spreads via spamming campaigns. This method is based on spam e-mails and a malicious attachment that poses as an image, a video, or a document file; however, it is indeed an executable file that infects your system with XAMPP Ransomware. Many users may think that they would not open spam mails; however, it is important for us to point out that nowadays such malicious mails may be more difficult to spot compared to years ago when they were quite obvious.

For instance, such a mail can pretend to come from the local or state authorities, or any well-known companies (FedEx, American Airlines, AOL, etc.). Then, the subject of these mails can be quite inviting and rather convincing, too. Even if you find such a spam in your spam folder, you would be likely to want to see its content. Criminals know exactly how they can achieve and awaken this kind of interest in you. There is a chance, of course, that you will doubt that this mail is actually for you or that it relates to you in any way. Yet, you would probably not be able to resist temptation to see what it is all about. However, you must remember that saving and opening the attached file is tantamount to activating this malicious threat on your system. In other words, if you delete XAMPP Ransomware after this point, it always means that your files have already been encrypted and you cannot save them by removing this ransomware. Nevertheless, this is the right move because there is no other way for you to recover your system really.

How does XAMPP Ransomware work?

Once initiated, this malicious program does not copy itself anywhere on your system; it simply operates through the file you downloaded from the spam. Strangely enough, this ransomware infection only targets a specific directory called “C:\xampp\htdocs.” As we have already mentioned, this directory is only there on your system if you are a PHP developer. This malware uses the good old AES-256 algorithm to encrypt the following extensions in the aforementioned folder: .txt, .doc, .png, .html, and .php. All affected files get a “.locked” extension, which is also used by a number of other ransomware infections.

When the vicious job is done, a warning message comes up on your screen with an Italian ransom note. This note tells you that your files have been encrypted and you have to pay 2.2 EUR (2.34 USD right now) in order to get the decryption key. However, it is not very clear how this ridiculous amount of ransom fee should be transferred. Only a name is given: Alessandro Nava. Before we would go into any unnecessary detail, we must mention that we do not think it is a good idea to send these crooks any money anyway. If you want to save your system, you should remove XAMPP Ransomware right away.

How can I delete XAMPP Ransomware?

As a matter of fact, it is quite simple to eliminate XAMPP Ransomware from your system because all you need to do is delete the downloaded malicious file and restart your computer. Please use our guide below this article if you need help with this. If this infection managed to slither onto your system, we suggest that you start making regular backups onto a portable drive if you do not want to suffer from even more severe future attacks. But, of course, there is an efficient way to ward off such malicious attacks; you can install a reliable malware removal application, such as SpyHunter, for example. There is a good range of powerful anti-malware programs available on the net but you need to make sure that the one you choose is really trustworthy since the web is full of rogue programs. Also, it is important that you keep all your drivers and programs up-to-date if you want to avoid cyber attacks.