Ransomware XIII

We can recover encrypted files on any data storage device. Start the recovery now.

Like the vast majority of ransomware groups, Phobos ceased its activities after a large spike in successful attacks. But what is becoming very common is the creation of families by these groups.

XIII ransomware invades victims’ devices through malicious e-mails, illicit programs, phishing campaigns and other ways.

In the process of encrypting the data, the extension”.XIII” is added to the files. After that, files are created with the terms for the ransom, called “info.txt” and “info.hta”.

In the ransom note the victims are threatened that if they do not pay the ransom the files will be completely lost, and that the ransom must be paid in cryptocurrencies.

Inside this ransom note are two e-mails “xlll@imap.cc” and “xlll2@xmap.cc”, containing the website address to pay to receive the decryption key.

Government authorities discourage paying the ransom, as these amounts fund the group for further attacks. Digital Recovery has therefore developed technologies capable of recovering data encrypted by ransomware without the need for the decryption key.

Recover Files Encrypted by XIII Ransomware

Digital Recovery specializes in the recovery of data encrypted by ransomware whether on HDDs, SSDs, Databases, Servers, Storages, Virtual Machines, RAID systems.

We can recover data remotely in a totally secure virtual environment, this solution is available for all countries in the world.

We offer our customers emergency mode recovery, in which mode our labs operate with 24×7 availability.

We make available to all our customers the confidentiality agreement (NDA), which guarantees the secrecy of all information about the process.

Contact us and start data recovery now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.