Jump to content

Infected with .xtbl ransomware

Recommended Posts



Infected with xtbl ransomware. Removal is the easy part.


Recovery is the issue. How do I recover the files.

No viable backups made aside from bare metal recovery.

Problem is the xml files required for bare metal recovery are also encrypted.....how to resoree them


Any ideas? Exactly what do I have.....looks like this came out a year ago but cannot find any tool to get back.




Link to post
Share on other sites

Kaspersky Lab has a utility called RakhniDecryptor that is able to brute force the decryption key for some of these <filename>.<extension>.id-random number_"@"variants but not all of them. Instructions for using RakhniDecryptor can be found here.

Kaspersky Lab also has a RannohDecryptor utility for decrypting some other types of <filename>"@".<random characters> "@" variants with extensions appended to the end.

If those tools do not work, then it is not possible to decrypt the encrypted files.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...