Xot5ik Ransomware

The Xot5ik ransomware is a variant of the Thanos ransomware, which has been responsible for numerous attacks, Europe has been the target of most attacks.

As usual for large ransomware groups, after numerous successful attacks they cease their activities because their attacks attract the attention of the authorities.

But after some time, the group reappears under a new name and with a new outfit, even though the main characteristics of the malware remain the same.

This is used as a distraction, the ransomware groups have found a goldmine with their attacks, they will hardly give up doing them.

Xot5ik ransomware invades devices through spam emails, cracked software download sites, and more.

Xot5ik uses RSA and AES encryption algorithm, which are the most used types in all ransomware.

After encrypting all files, a text file called “Инструкция.txt” is created, it is fixed on the desktop, in it is the terms for paying the ransom.

All encrypted files are given the extension .xot5ik, making it impossible for the user to access them.

The decryption key is kept in a remote server controlled by the criminals. The ransom is paid in cryptocurrencies.

There is no guarantee that the key will be released after the ransom is paid; the victim has to rely solely on the word of the criminals.

Recover Files Encrypted by Xot5ik Ransomware

Digital Recovery specializes in the recovery of data encrypted by ransomware on HDDs, SSDs, Databases, Virtual Machines, Servers, Storages (NAS, DAS, SAN), RAID systems and others.

We provide all our clients with the confidentiality agreement (NDA), all information about the process is confidential.


We are used to acting in complex data loss scenarios, and have developed technologies to make the recovery as fast as possible, such as remote recovery and emergency mode recovery.

We don’t negotiate with hackers, we can recover files even without the decryption key. Contact us and start recovery now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.