Xinglocker Ransomware​

The Xinglocker ransomware has been carrying out attacks since it first appeared around May 2021. It targets companies that use the Windows operating system.

After finding some access to the victim’s system, either through email campaigns, malicious links or human inadvertence, the malware starts acting on the data.

After encryption, Xinglocker generates a text file “READ_ME.txt”. In it, there is the detailed step-by-step for the victim to contact the cybercriminals and pay the ransom amount for the return of their data.

The group responsible for Xinglocker attacks has been attacking companies around the world, maintaining its anonymity thanks to the Ransomware as a Service (RaaS) strategy.

At first, the Xinglocker ransomware was thought to be a new version, or a variant of the MountLocker and AstroLocker ransomware.

However, over the course of the attacks, studies showed that a slightly different system was being applied. Evidence of similar senders to the same onion address was highlighted and revealed a new franking system. That in turn was based on another similar group, Mountlocker.

It is critical to emphasise that ransomware organisations are looking for innovative methods to put in place in their affiliate programmes and RaaS operations.

Recover files encrypted by Xinglocker ransomware

Given the large number of ransomware attacks in recent years, Digital Recovery has specialized in the recovery of data encrypted by ransomware.

An in-house solution was developed that makes data recovery possible on storage devices, databases, virtual machines, RAID systems, servers and other storage devices.

This technology dispenses with the need for the decryption key held by hackers. We don’t negotiate with criminals.

Each of our solutions are compliant with the General Data Protection Regulation (GDPR). We keep in mind that every project is unique, so we solve the real needs of all our clients.

We have created our NDA (Non-Disclosure Agreement), which we make available to all our clients, because we are aware that information regarding hacker attacks is extremely sensitive.

If you have experienced an attack, make the right choice, Digital Recovery has the solution to your problem. Contact our experts now and get your data back.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Descriptografar ransomware em servidores

Decrypt Server

Ransomware attacks on servers have become a growing threat, jeopardising the security of critical data and business operations. This article explores the nuances of file


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.