Ransomware Research
Xorist 2020 Ransomware
Xorist 2020 is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. First observed in the wild on March 1, 2020, it has been actively targeting systems worldwide. Security researchers also track this malware under the alias Xorist 2020-2021.
Quick Facts
- Ransomware Family: Xorist 2020
- First Seen: March 1, 2020
- Known Aliases: Xorist 2020-2021
How Xorist 2020 Ransomware Works
Targeted Files
Encrypts 1812 kb; skips a header of ~32 bytes
File Encryption Patterns
Xorist 2020 modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..XiNo
..locks
..GiTeR
..ZyNoXiOn.BlOCkED
..CrYo.TeOnS
..ENCRYPTED
..hex911
..[dungeon]-0_0
..CroNi.ZoNe
..{loly} _zip
..YaKo.MoKo
..freelocker
..YaKo
..GlUtEzOn.VaNoLe
..ZaCaPa
..MakaLi
..jigsaaw
..wannacry
..hnx911
..BD
..YOURPCISHACK16024752552658
..TAKA
..mame vse
..ZaLtOn
..locked3dllkierff
..pethya zaplat zasifrovano.pethya zaplat zasifrovano.pethya zaplat zasifrovano
..hacker crypt 2020.data
..Hacker zasifroval zaplat.cryp
..NIGG3R
..greedyfuckers
..lockerxxs
..LyDark
..ZaToN
..EnCryp13d
..CryptPethya
..Zasifrovano.zaplat.za klic 2021
..sandboxtest
..emilisub
..greed
..MailRU
..btCry_zip
..divinity
..btc-Apt2
..lockedfile
..8329892832982983982
...txt
..wannacry666
Ransom Note and Payment Demands
After encrypting files, Xorist 2020 displays ransom notes demanding payment for file recovery:
- HOW TO DECRYPT FILES.txt
  - Ransom message: notes/HOW TO DECRYPT FILES.txt
  - Note locations: EveryFolder, OnceOnCompletion
- КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt
  - Ransom message: notes/КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt
  - Note locations: EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with Xorist 2020 ransomware:
4.exe
sAadsA.exe
Z2.exe
9bysyq8v045hrnf.exe
1pqtu9v4f52721w.exe
virus.exe
WU17sDZVZ12PQjL.exe
Office aktivator cz KSMpico.exe
BS.Player 2.74.exe
KMSpico 10.1.9 Windows and Office Activator.exe
DAEMON Tools Lite2020.exe
Farm Mania ČESKY! .exe
Gay porn Free CZ.exe
Aktivator ilegalni windows 10.exe
Half-life (crack).exe
AVG PC Tuneup 2020.exe
274qxsg6j941muk.exe
Minecraft client 2020.exe
dddd.exe
satanfin.exe
NIGG3R.bin
one.exe
payload_1.bin
Additional accounting requirments.doc
divinity.exe
About This Analysis
This Xorist 2020 ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Xorist 2020.
Last updated: July 30, 2025