One example of the XRTN variant.

Image Source: Bleeping Computer

XRTN targets the Windows OS and encrypts files with RSA-1024 using the GNU Privacy Guard (GnuPG) encryption software. It spreads through spam emails containing malicious attachments disguised as Word documents. Once a victim opens the attachment, a JavaScript file executes and downloads a GnuPG executable file, an actual Word document, and a batch file designed to encrypt files. XRTN then deletes all Shadow Volume Copies and overwrites free disk space to prevent file restoration. It also adds the .xrtn extension to all encrypted files.

  • More information about XRTN is available from Bleeping Computer.
  • The NJCCIC is not aware of any decryption tools available for XRTN.
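
A defender-side sketch of how the behaviours described above could be correlated in endpoint telemetry, added here as an example and not taken from the NJCCIC profile or Bleeping Computer. The event records are constructed, and the utilities matched for shadow-copy deletion and free-space overwriting (vssadmin, wmic, cipher /w) are assumptions about how those actions are commonly performed on Windows, since the profile does not name them.

```python
import re
from collections import defaultdict

# One pattern per behaviour in the profile. The utilities named for shadow-copy
# deletion and free-space overwriting are assumptions (standard Windows tools
# that perform those actions); the profile does not say which ones XRTN uses.
STAGES = {
    "script_runs_js": re.compile(r"\b[wc]script(\.exe)?\b.*\.js\b", re.I),
    "gpg_in_user_dir": re.compile(r"\\(users|programdata)\\.*\\gpg2?\.exe", re.I),
    "shadow_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete", re.I),
    "free_space_wipe": re.compile(r"\bcipher(\.exe)?\s+/w", re.I),
    "xrtn_extension": re.compile(r"\.xrtn$", re.I),
}

# Constructed sample telemetry: (host, process command line or created file path).
EVENTS = [
    ("pc-01", r"wscript.exe C:\Users\dana\AppData\Local\Temp\invoice.js"),
    ("pc-01", r"C:\Users\dana\AppData\Local\Temp\gpg.exe --batch --encrypt report.docx"),
    ("pc-01", r"vssadmin.exe delete shadows /all /quiet"),
    ("pc-01", r"cipher.exe /w:C:"),
    ("pc-01", r"C:\Users\dana\Documents\report.docx.xrtn"),
    # Legitimate GnuPG use from its install directory: must not match.
    ("pc-02", r"C:\Program Files (x86)\GnuPG\bin\gpg.exe --verify C:\Users\lee\dl\tool.sig"),
    # An administrator removing shadow copies: one stage only, below threshold.
    ("pc-03", r"vssadmin delete shadows /for=D: /oldest"),
]

def stages_by_host(events):
    """Return {host: set of stage names observed on that host}."""
    seen = defaultdict(set)
    for host, detail in events:
        for name, pattern in STAGES.items():
            if pattern.search(detail):
                seen[host].add(name)
    return dict(seen)

def flag_hosts(events, threshold=3):
    """Hosts with at least `threshold` distinct stages, most stages first."""
    ranked = sorted(stages_by_host(events).items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(host, sorted(stages)) for host, stages in ranked if len(stages) >= threshold]

if __name__ == "__main__":
    for host, stages in flag_hosts(EVENTS):
        print(f"{host}: {len(stages)}/{len(STAGES)} stages -> {', '.join(stages)}")
```

Requiring several distinct stages on one host keeps a single administrative action, such as routine shadow-copy cleanup, from raising an alert on its own.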