A new Xorist ransomware has been released called Team XRat that targets Portuguese speaking victims. When infected, the XRat Ransomware will encrypt your data and append the .C0rp0r@c@0Xr@ extension to encrypted files. It will then display a ransom note called Como descriptografar seus arquivos.txt.
The XRat Ransomware will also change your wallpaper to a picture of Anonymous that tells victims to email firstname.lastname@example.org for payment instructions.
If your files have the .__xratteamLucked (x2 underscores) or .C0rp0r@c@0Xr@ extension, your files can be decrypted using Emsisoft Xorist Decryptor.
If your files have the .___xratteamLucked (x3 underscores) and .____xratteamLucked (x4 underscores), your files can be decrypted by Kaspersky (see the bottom of the article)
Edited by xXToffeeXx, 30 September 2016 - 03:00 AM.