Repackaged XPan Ransomware Returns to Brazil, Demanding Ransom in Bitcoin

It is well known that computer viruses and malware evolve quickly to stay one step ahead of antivirus and cybersecurity software. But sometimes attackers make a quick buck by reusing the same malicious application under different names. The effectiveness of this type of ransomware is questionable, since solutions that address such threats are available, so the criminals behind it have begun to opt for a more localized approach to infecting systems.

A new ransomware in Brazil, “.one”, is one of those that has recycled the code of the well-known XPan ransomware to create moderately effective malicious software capable of earning money for the criminals behind it. Reports indicate that “.one” is propagated by manually installing and running the malware over RDP. Once the system is infected, the victim receives a ransom note asking them to contact the email address mentioned in the note, with a unique ID, for more details on the ransom payment.

The ransomware, suspected to be distributed by a group of small-time cybercriminals, has already hit many computers belonging to small and medium-sized enterprises in the country. The similarities between XPan and the “.one” ransomware were found during an in-depth analysis of the malware. They include the target file extensions, the ransom notes, the commands executed before and after the encryption process, and even the criminals' public RSA keys. However, it looks like the “.one” ransomware stunt is not going to be profitable for its creators for long. Kaspersky has announced that it has successfully cracked the encryption, just as in the case of its predecessor, XPan.

The cybersecurity firm claims to have helped some companies recover their files without having to pay the ransom of 0.3 BTC. Because this is believed to be a localized cyber threat, Kaspersky advises victims of the attack not to pay the ransom. Instead, they can get in touch with the company's customer service, which will help them through the decryption process. In other words, the company offers security to fight against viruses.

Meanwhile, there are signs of an increase in the number of localized threats confined to specific geographies. This development will not only increase the workload of IT security firms addressing the problem, but also hinder the flow of information about attacks, since such small targeted attacks often may not be reported until the prevalence of the threat increases.


Warning: CryptoSolutions is not responsible for the opinions expressed in this article. The ideas and opinions expressed in this article do not represent a business opportunity of any kind and the reader should be properly advised before making a financial or legal decision.
