Xinof emerged as a variant of Fonix ransomware, first observed in November 2020. This group operates with a clear financial motivation, employing encryption techniques to extort payments from victims. Xinof distinguished itself by appending a unique extension, such as '.XINOF', to encrypted files and by displaying a fake Windows update screen during the encryption process, which also included changing the desktop wallpaper. The group's operation was short-lived, as the developers of Fonix ransomware publicly announced its shutdown in February 2021. The group frequently demanded ransom in Bitcoin, threatening to double the amount if victims failed to establish contact within 48 hours and to delete files if payments were not made. There are no known aliases for Xinof beyond its classification as a Fonix variant, and its operations ceased relatively quickly after its emergence.

URLs nuevas detectadas en IntelTracker