The Hello XD ransomware was first spotted in the digital wild back in November 2021, but recent research indicates that it’s becoming more virulent.
There’s no such thing as ‘good’ ransomware, but it’s not unreasonable to describe Hello XD as ‘disastrous’ due to its enhanced capabilities. Whereas, previously, Hello XD focused its efforts on the standard ransomware practice of encrypting files, its evolved form now includes a backdoor feature. This enhanced functionality allows data to be transferred from infected PCs to external servers controlled by the attackers. Combined with its ransomware feature, this new form of Hello XD represents a huge security risk.
Ransomware is a highly problematic attack, and it’s one which your organization needs to avoid at all costs. Hello XD is the latest in a long line of ransomware attacks and, as ever, understanding how it operates could save you a fortune.
Hello XD Steps Up Its Game
Spread through various phishing techniques, Hello XD operates in the following manner once it arrives on a PC:
- Hello XD’s first step is to disable shadow copy capabilities, which means that system snapshots cannot be saved or accessed. System recovery, therefore, can’t be used to counter the impact of Hello XD.
- The infected system’s hard drive is then encrypted by Hello XD: all files are encrypted, given a .hello extension and rendered inaccessible.
- A ransom note is issued to the victim through a text file which instructs them to communicate with the threat actors through the TOX chat system. Featuring strong end-to-end encryption, TOX provides a cloak of secrecy for the hackers while they communicate with their victims.
- Hello XD’s final move is to use its backdoor functionality – a program named Microbackdor – to steal files, wipe any evidence of the PC being compromised and execute remote commands.
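The first two steps above leave traces a defender can look for: a process-creation log records the command used to remove shadow copies, and the file system fills up with .hello files. As an added illustration, not from the original post or from any Hello XD analysis, the Python script below implements both checks. It assumes the shadow copies are removed with one of the usual built-in Windows tools (vssadmin, wmic, wbadmin or PowerShell's Win32_ShadowCopy class); the post only says shadow copies are disabled, so those patterns are an assumption. The log lines and the directory tree it scans are constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Command-line fragments commonly used to remove or starve shadow copies.
# Assumption: Hello XD uses one of these; the post does not say which.
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy.*\.Delete\(\)", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]

# Extension appended to encrypted files, as described in the post.
RANSOM_EXTENSION = ".hello"

# Constructed process-creation log lines (not real telemetry).
SAMPLE_LOG = """\
09:12:01 host=WS01 user=alice cmdline="cmd.exe /c dir"
09:12:07 host=WS01 user=alice cmdline="vssadmin.exe delete shadows /all /quiet"
09:12:09 host=WS01 user=alice cmdline="wmic shadowcopy delete"
09:15:30 host=WS01 user=alice cmdline="notepad.exe report.docx"
""".splitlines()


def find_shadow_copy_tampering(log_lines):
    """Return (line_number, line) for every log line whose command line
    matches a known shadow-copy removal pattern."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        if any(pattern.search(line) for pattern in SHADOW_COPY_PATTERNS):
            hits.append((number, line.strip()))
    return hits


def find_encrypted_files(root, extension=RANSOM_EXTENSION):
    """Return the relative paths (POSIX style) of all files under `root`
    whose extension matches the ransomware's marker, sorted."""
    root = Path(root)
    return sorted(
        path.relative_to(root).as_posix()
        for path in root.rglob("*")
        if path.is_file() and path.suffix.lower() == extension
    )


def build_sample_tree(root):
    """Populate `root` with a constructed directory: two 'encrypted' files
    and one untouched file."""
    root = Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    for relative in ("docs/q1.xlsx.hello", "docs/q2.docx.hello", "readme.txt"):
        (root / relative).write_text("constructed sample content\n")


def run_demo():
    """Run both checks against the constructed inputs and return the
    results as a dict so a caller can inspect them."""
    with tempfile.TemporaryDirectory() as scratch:
        build_sample_tree(scratch)
        encrypted = find_encrypted_files(scratch)
    return {
        "shadow_copy_hits": [number for number, _ in find_shadow_copy_tampering(SAMPLE_LOG)],
        "encrypted_files": encrypted,
    }


if __name__ == "__main__":
    for number, line in find_shadow_copy_tampering(SAMPLE_LOG):
        print(f"shadow copy tampering on log line {number}: {line}")
    for relative in run_demo()["encrypted_files"]:
        print(f"encrypted file: {relative}")
```

In practice the log lines would come from an EDR or Sysmon process-creation feed and the file sweep would run against a file server, but the logic is the same: a shadow-copy deletion command from an ordinary user account is a strong early signal, and a rising count of .hello files confirms that encryption has started.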
Clearly, Hello XD packs a powerful punch and has the capability to bring your organization’s IT operations to a halt. It is believed that Hello XD has been designed by X4K, a Russian-speaking hacker who has been advertising his wares on various hacking forums. It’s also likely that X4K will enhance Hello XD’s capabilities even further for future attacks, so it’s crucial you remain alert.
How Do You Say Goodbye to Hello XD?
The best way to avoid falling victim to Hello XD is by practicing the following:
- Understand phishing techniques: Hello XD, and many other forms of ransomware, use phishing strategies such as mass emails to snare their victims. Emails, for example, which instill a sense of urgency over financial matters can be used to encourage users to open malicious attachments. However, if your employees understand the tell-tale signs of social engineering, they will be better placed to avoid falling victim to phishing attacks.
- Keep backups offline: it’s essential that you keep backups of your data and system snapshots offline to retain control over your data. While this will not stop a ransomware attack, it does give your organization a way to recover if it is attacked. A threat actor will be unable to encrypt offline files, and this ensures that you can restore your data without paying a ransom.
For more ways to secure and optimize your business technology, contact your local IT professionals.