Xpan Ransomware might have been created by a cyber-criminal organization called TeamXRat. Since the ransom note it displays after encrypting data is written only in Portuguese language, it is possible the malware might not be spread anywhere else outside Brazil. Also, our specialists say at the moment Xpan Ransomware is more dangerous to corporations than individual computer users as the reports say the ransomware’s creators are only after companies and institutions. For example, the threat’s authors have already infected computers on one of the hospitals in Brazil. Fortunately, computer security specialists found a way to decrypt the malicious program’s damaged files, so the hospital did not lose any data. If you wish to learn other details about the malware or ways it could be erased, we advise you to review the instructions located below and read the rest of the text.
It was determined that the malicious program’s creators are from Brazil too. They are already known to computer security specialists since Xpan Ransomware is not their first created threat. Not a long time ago we researched another ransomware of their creation. If you are interested in computer infections, you may have heard about Xorist Ransomware. Compared to the recently created program it is not so complicated as it was written in a low-level programming language called Assembly while Xpan Ransomware was written in a more complicated C++ language. However, despite the malware’s complexity, decryption tool for it was created rather fast, and now it can be downloaded free of charge.
Instead of sending files infected with Xpan Ransomware via email the hackers are looking for various security vulnerabilities they could exploit, for example, weak passwords. The device’s vulnerabilities may allow them to take over the system’s control remotely and run the malware themselves. The malicious program should not lock the screen or damage data belonging to the computer’s operating system. In other words, after the computer gets infected its user may not be able to open any documents, archives, pictures, photos, or other valuable files, but otherwise, he should be able to use the device normally.
As soon as the encryption process is over the user should notice that his Desktop picture was changed with the infection’s wallpaper. It has an image of a character called Bart from the popular animated sitcom known as Simpsons. In the picture, Bart is repeatedly writing the following message: “Eu irei ter mais cuidado com meus arquivos.” Translated into English, it means something like “I'll be more careful with my files.” Below the picture, there is also a message written in Portuguese. It explains what happened to the data and tells how to reach the malicious program’s creators and pay a ransom if the user wants to decrypt his files.
Given there is a way to decrypt all data for free, we would recommend replacing the picture and erasing the threat right away. More experienced users could try to get rid of it manually. To do so, you would have to identify and remove the malicious data on the computer on your own accordingly to the deletion instructions placed at the end of the text. A faster and easier way to eliminate Xpan Ransomware is probably to employ a trustworthy removal tool, since then all you would have to do is run a system scan and click the deletion button once it appears.