Draft:XFUN

Draft article not currently submitted for review. This is a draft Articles for creation (AfC) submission. It is not currently pending review. While there are no deadlines, abandoned drafts may be deleted after six months. To edit the draft click on the "Edit" tab at the top of the window. To be accepted, a draft should: Show the subject qualifies for a Wikipedia article by using multiple sources that meet four criteria. The sources should be (1) reliable (2) secondary (3) independent of the subject (4) talk about the subject in some depth. For some topics, there are alternative criteria. Be written from a neutral point of view Respect copyright and do not plagiarize. Do not copy-paste. It is strongly discouraged to write about yourself, your business or employer. If you do so, you must declare it. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Last edited by Bearcat (talk | contribs) 0 seconds ago. (Update) Submit the draft for review!

Our researchers found The XFUN ransomware while investigating new submissions to the VirusTotal site. This malware is designed to encrypt data and demand payment for the decryption early 2024.

On our test machine, XFUN encrypted files and added a ".XFUN" extension to their filenames. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.XFUN", "2.png" as "2.png.XFUN", and so on for all of the locked files.

Afterward, the ransomware dropped a ransom note named "!!== ReadMe ==!!.txt". Upon inspection, we learned that this message lacks critical information, thus leading us to speculate that XFUN is still in development or has been released for testing purposes. However, this could be rectified in potential future releases of the malware.

• Internet Crime Complaint Centre IC3

Screenshot of files encrypted by XFUN ransomware:

Ransom note overview

XFUN's message states that the victim's files have been encrypted. The sole method of recovering the data necessitates a decryption key, which is in the attackers' possession. The victim must pay a ransom to obtain it. However, as previously mentioned, the note does not include crucial information. The message is formatted in a way that was evidently intended to include the key details – ransom amount, Bitcoin wallet address, and contact information.

The victim is given 72 hours to pay and after this deadline – the affected data will be permanently lost. Before meeting the cyber criminals' demands, the victim can test decryption on a single file for free. Additionally, the victim is warned against attempting manual decryption since that will render the files undecryptable.

Due to the lack of information in this note, it is impossible for victims to meet the demands. This could have been an error, or XFUN might have been released for testing purposes only. It is noteworthy that this issue could be addressed in possible future variants of ransomware.

XFUN ransomware overview

We have analyzed and researched thousands of ransomware infections, and this experience allows us to conclude that decryption is usually impossible without the attackers' involvement.

Furthermore, victims often do not receive the promised decryption keys/software despite meeting the ransom demands. Therefore, even if it is possible to pay, we strongly advise against it. Complying with the cyber criminals' demands does not guarantee data recovery, and it supports this illegal activity.

Removing XFUN ransomware from the operating system will prevent it from further encryptions. Unfortunately, removal will not restore already compromised files. The sole solution is to recover them from a backup (if one was created prior and stored elsewhere).

The general advice for ensuring data safety is to keep backups in multiple different locations, such as unplugged storage devices, remote servers, and others.^[1]

References

1. PCRISK, PCRISK (23 June 2024). "XFUN (.XFUN) ransomware virus – removal and decryption options".

v t e Hacking in the 2020s
← 2010s Timeline 2030s →
Major incidents	2020 BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach 2021 Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack 2022 Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak 2023 Munster Technological University ransomware attack Evide data breach MOVEit data breach Insomniac Games data breach Polish railway cyberattack British Library cyberattack 2024 XZ Utils backdoor
Groups	Anonymous associated events Anonymous Sudan Berserk Bear Clop Cozy Bear DarkMatter DarkSide Dridex Ghostwriter GnosticPlayers Guacamaya Hafnium IT Army of Ukraine Killnet Lapsus$ LightBasin LockBit REvil Sandworm Sakura Samurai ShinyHunters Wizard Spider
Individuals	Graham Ivan Clark maia arson crimew Kirtaner
Major vulnerabilities publicly disclosed	SMBGhost (2020) Thunderspy (2020) PrintNightmare (2021) FORCEDENTRY (2021) Log4Shell (2021) Account pre-hijacking (2022) Retbleed (2022) Downfall (2023) LogoFAIL (2023) Reptar (2023) Terrapin (2023) GoFetch (2024)
Malware	2020 Adrozek Drovorub 2021 Predator 2022 Cyclops Blink Pipedream