File extension .xffeimi

Hello David. Yes CTB locker virus upon infection, scans the computer and encrypts data based on file-types, targeting many types of files used in the enterprise, such as .PDF, .XLS, and .PPT to name a few. Upon encrypting the files, the virus will create a .TXT and .HTML file with instructions on how to obtain the decryption key, which will be available after paying the ransom stated (up to 3BTC). To decrypt the data the private key which exists only on the attackers’ C&C (Command and Control) server must be obtained. So without access to the attackers’ systems decryption is impossible. Glad to know that you had the backup of your files.

Thanks for the reply. I did try manually deleting the extention, but the files just opened with a series of garbeled letters…

But I also found the problem - but not the solution!  The pc of one of the members of the shared Dropbox-folder was hit by the CTB-Locker virus (which locks all files by putting a randomly generated exention onto them). This apparently also affects files in Dropbox.

Luckily I made a back-up of the Dropbox five days before, so the damage (for me) was not disastrours.

But at least I know know what caused the problem…

Hello David. Yes CTB locker virus upon infection, scans the computer and encrypts data based on file-types, targeting many types of files used in the enterprise, such as .PDF, .XLS, and .PPT to name a few. Upon encrypting the files, the virus will create a .TXT and .HTML file with instructions on how to obtain the decryption key, which will be available after paying the ransom stated (up to 3BTC). To decrypt the data the private key which exists only on the attackers’ C&C (Command and Control) server must be obtained. So without access to the attackers’ systems decryption is impossible. Glad to know that you had the backup of your files.

Several .doc, .docx, .xls and .xls files in a shared Dropbox folder suddenly had the extra file extention of .xffeimi making them impossible to open.

Has anyone else experienced this?
Is it caused by a virus? Scanning the folder with AVG produces no virus warnings.

Hello David. It looks like a weird file extension. Have you tried deleting that extension manually?

Thanks for the reply. I did try manually deleting the extention, but the files just opened with a series of garbeled letters…

But I also found the problem - but not the solution!  The pc of one of the members of the shared Dropbox-folder was hit by the CTB-Locker virus (which locks all files by putting a randomly generated exention onto them). This apparently also affects files in Dropbox.

Luckily I made a back-up of the Dropbox five days before, so the damage (for me) was not disastrours.

But at least I know know what caused the problem…