Not all ransomware programs are created to disrupt computer systems around the globe. Sometimes they are used as tools in personal attacks, too. XUY Ransomware is one such program. It is not a global infection, and we believe that it affects only a handful of users. However, if you find this program on your computer, you should remove XUY Ransomware at once. It is not hard to terminate this infection because it doesn’t drop additional files. But if you do not feel confident about manual removal, you can always get rid of this program with a licensed antispyware tool.
We know for sure that this application is based on Torn or Thorn Ransomware. Although this does not mean much to the end user who gets infected with this program, it allows us to assume that XUY Ransomware is actually a new version of the previously released infections, customized to do whatever its developers want it to do.
Also, this program differs from other ransomware infections in that it does not use the most common ransomware distribution method. Normally, we would expect such infections to reach their targets via spam email attachments. Although the success rate of a spam email attachment is very low, it is still enough to maintain the general ransomware pandemic around the world. Hence, ransomware developers still employ spam emails to deliver their programs. Users are tricked into opening malicious documents that they think carry important messages. This is how most ransomware programs spread.
However, XUY Ransomware is different. Our research team suggests that this program probably spreads as a personal attack against certain groups or individuals. For example, maybe someone wants to cripple the computers of a certain group in a gaming community, and thus they use this ransomware for the attack.
Aside from that, XUY Ransomware works like your average ransomware program, as it encrypts most of the files in the %PUBLIC% and %UserProfile% directories. However, researchers point out that the program may leave files untouched if there is a file named “trig” in the %AllUsersProfile% directory.
What’s more, the ransom note displayed by this infection cannot be trusted. It says that you have 12 hours to decrypt your files. It also requires the infected users to pay 400EUR in bitcoin for the decryption tool, but the bitcoin wallet address given in the ransom note is fake. Hence, there is no need to follow these instructions.
There is no public decryption tool available for XUY Ransomware, but our researchers were able to create one themselves, which means that you can contact a professional technician and they will be able to help you restore your files. On the other hand, if you have a file backup, you can simply delete the encrypted files along with the infection, and then transfer the healthy copies back onto your hard drive.
Please do not forget to acquire a reliable antispyware application that will safeguard your system from other intruders. But aside from a professional security tool, you should also review your web browsing habits to make sure that you do not allow similar infections onto your computer again.