XAMPP Ransomware Removal Guide

Do you know what XAMPP Ransomware is?

When the XAMPP Ransomware warning message appears on your screen, it is quite likely that you will lose all your text and program files in a certain directory. Interestingly, our researchers say that this malware infection only attacks a PHP-related folder and its files, so if you do not have that folder on your system, you may get away untouched this time. In any case, getting infected with a ransomware program is unfortunate, to say the least. It clearly means that your system is vulnerable, and if you do not have regularly saved backups of your files, you may lose them in this hit. Instead of risking paying the ransom fee, however small it is, we suggest that you remove XAMPP Ransomware immediately if you want to recover your PC. Please read the rest of our report to learn more about this ransomware infection and how you may avoid similar ones in the future.

It is essential to know that there are two main channels through which ransomware programs usually spread and infect their unsuspecting victims. The first and most widely used method is spamming. Our researchers have found that this malware infection mostly uses this method to spread, too. Spam is a rather effective way to fool inexperienced as well as experienced computer users since it plays on innate human curiosity. Today's sophisticated spam mails can be very deceiving and convincing at the same time. How could you say no, for example, to a mail seemingly coming from the local police department, a major Internet provider, or a bank?

What’s more, such a mail will most likely come with a subject line that would make you believe that it is important for you to open it right away. However, seeing the content of this mail will not bring you closer to understanding what this seemingly “urgent” matter is really about, since you are only pushed to check out the attached file. In fact, this spam is all about the file attachment and getting you to download and open it. Do you know why? Because this is how the infection is activated. Since this ransomware can finish its job very quickly, there is no way for you to delete XAMPP Ransomware before the damage is done. As a general rule with ransomware infections, by the time you notice the threat and remove it, your files have already been encrypted, and you can only recover them if you have the decryption key or you find a free tool on the web created by malware hunters.

Another likely way for such dangerous programs to infiltrate your system without your knowledge is through so-called Exploit Kits. If your browsers and plug-ins (Adobe Flash, QuickTime, and Java) are not regularly updated, cyber criminals can take advantage of certain software bugs and drop infections onto your system. This usually happens when you load a malicious webpage armed with Exploit Kits in your outdated browser. You can easily land on such a page if you are not cautious with your clicks and end up clicking on unsafe third-party content while surfing the web. Although our researchers cannot confirm that XAMPP Ransomware is distributed in this way, we would like to emphasize the importance of updating your programs and drivers.

After you run the file you saved from the spam mail, it looks for a specific folder located at “C:\xampp\htdocs”. The “xampp” directory is related to PHP development; therefore, if you are not a programmer, it is highly unlikely that you will have this folder on your system. If, however, there is such a directory, this ransomware encrypts all the files in it that have .txt, .doc, .png, .html, and .php extensions. Once encrypted, the files are given a “.locked” extension. The whole process should not take more than a few seconds because this infection uses AES-256, an encryption algorithm built into Windows. When the dirty job is done, the ransom note pop-up appears on your screen. This note is in Italian, which leads us to assume that mostly Italian speakers are targeted by this ransomware; or the crooks behind it simply cannot speak English and did not think to use Google Translator.

These criminals demand as little as 2.2 euros, which is around 2.34 US dollars, for the alleged decryption key. You are supposed to get this key after you transfer the fee, and you have to enter it in the box provided in the ransom note window to unlock your files. Obviously, there is no guarantee that these crooks will deliver as promised. Another thing is that apart from a name, Alessandro Nava, no other information is revealed as to where you have to send that money. As a matter of fact, we would not advise you to pay anyway. There is only one thing left for you to do: you need to remove XAMPP Ransomware from your computer ASAP.

You are in luck if you have a backup because you can simply delete the malicious executable file, which could have a random name, and then transfer your clean files back to your hard drive. Please follow our guide below if you need help with this. Do not forget the possibility that there could be other malware infections on your system, too. If you cannot tackle them manually, we advise you to employ a reliable anti-malware tool, such as SpyHunter. Should you have any problems with the removal of XAMPP Ransomware, please leave us a comment below this article.

Remove XAMPP Ransomware from Windows

  1. Tap Win+E to open File Explorer.
  2. Delete the malicious executable file you saved.
  3. Empty the Recycle Bin and restart your computer.
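
Added example, not from the original guide or any vendor tool: once the executable is removed, this Python script lists which ".locked" files under the web root have a clean counterpart in a backup folder and which do not, using the file extensions and suffix described above. The function names, the backup layout (a mirror of the web root) and the sample tree are assumptions made for illustration.

```python
from pathlib import Path
import tempfile

# Extensions the article says are encrypted, and the suffix appended afterwards.
TARGETED = {".txt", ".doc", ".png", ".html", ".php"}
LOCKED_SUFFIX = ".locked"


def restore_plan(web_root, backup_root):
    """Map each encrypted file under web_root to its clean copy in backup_root.

    Returns (restorable, missing): restorable holds (locked_path, backup_path)
    pairs, missing holds locked files with no backup copy.
    Assumption: the backup mirrors the web root's directory layout.
    """
    web_root, backup_root = Path(web_root), Path(backup_root)
    restorable, missing = [], []
    for locked in sorted(web_root.rglob("*" + LOCKED_SUFFIX)):
        original = locked.with_suffix("")      # index.php.locked -> index.php
        if original.suffix.lower() not in TARGETED:
            continue                           # not the pattern described above
        backup = backup_root / original.relative_to(web_root)
        if backup.is_file():
            restorable.append((locked, backup))
        else:
            missing.append(locked)
    return restorable, missing


def demo():
    """Build a constructed sample tree and return the plan as relative names."""
    with tempfile.TemporaryDirectory() as tmp:
        root, bak = Path(tmp, "htdocs"), Path(tmp, "backup")
        for rel in ("index.php.locked", "img/logo.png.locked",
                    "notes.txt.locked", "app.exe.locked", "readme.md"):
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        for rel in ("index.php", "img/logo.png"):
            p = bak / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"clean copy")
        ok, lost = restore_plan(root, bak)
        return ([p.relative_to(root).as_posix() for p, _ in ok],
                [p.relative_to(root).as_posix() for p in lost])


if __name__ == "__main__":
    ok, lost = demo()
    print("restore from backup:", ok)
    print("no backup found:", lost)
```

On an affected machine, call restore_plan with the real web root (the article names C:\xampp\htdocs) and the folder that holds your backup; the script only reads and reports, it does not copy or delete anything.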

In non-techie terms:

XAMPP Ransomware is a dangerous malware infection with an Italian ransom note that has hit the web recently. The good news about this threat is that so far it only seems to target one specific folder, which is connected to PHP development; therefore, not all computer users are affected by this ransomware. Nevertheless, this is still a dangerous program that should be taken seriously even though the ransom fee these criminals try to extort from the victims is literally ridiculous. We do not advise you to transfer this money, and not only because there is no Bitcoin or any other address provided. Paying money to cyber criminals is as good as supporting them in committing further online crimes. We recommend that you remove XAMPP Ransomware ASAP. If you cannot do this manually, you can always use a reliable anti-malware program.