Defray

Defray

Defray targets Windows OS and is distributed via emails containing malicious Microsoft Word attachments. In August 2017, cybersecurity firm Proofpoint detected two small email campaigns containing Defray targeting individuals and distribution lists within the US and UK healthcare and education sectors, as well as the manufacturing and technology sectors.

XData

XData

XData targets Windows OS and its distribution method is currently unknown. Once a system is infected, XData scans for files on local drives and unmapped network shares. It uses the AES encryption algorithm, appends .~xdata~ to the names of encrypted files, and drops a ransom note named HOW_CAN_I_DECRYPT_MY_FILES.txt.