New ransomware? .XTBL files. Any experts here?

Hey all, I just got a call from an acquaintance about his PC being locked down. I thought it was your usual virus/trojan and I'd just do a PC scan and clean it.

Oh boy, was I WRONG!
Apparently it's some new type of ransomware (February 2015 was as old as I could find it online).

It locks up all the files on the PC, changes their format to .XTBL and creates readmes everywhere with the attacker's email address. I haven't tried going that way, but once contacted (he contacted them) they requested 200e for the unlock. From my research online it turns out that once you pay them, they will send a decrypter specific to your key (which is in the readme) and it will unlock the files. Removing the virus does not help at all: the files remain encrypted, and no decrypter has been made. People have tried brute-forcing it and failed miserably due to the unknown key length.

The files on his PC are important; he is a photographer and the infection spread to EVERYTHING. So he no longer has access to any of his files, which he needs. There are no backups on other drives/external HDDs. Using a shadow copy helps with this particular virus, but there aren't any shadow copies on the PC.
Any ideas? Any suggestions? Any help is appreciated.

Kind regards and keep your eyes open against this type of ransomware.

Cheers,

Bogica :)

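The first post describes the indicators this ransomware leaves behind: every file renamed with a .XTBL extension, and readme notes dropped in each folder containing the attacker's contact address. When triaging a machine like this, the first practical step is to inventory exactly what was hit (which folders, which original file types) and collect the notes, since that inventory decides what can be restored from any backup or shadow copy. The script below is an added example written for this thread, not code from the original post; the directory layout, file names and the contact address it creates are constructed sample data standing in for a real infected disk.

```python
import os
import re
import tempfile
from collections import Counter

# Extension the thread reports on every encrypted file.
ENCRYPTED_EXT = ".xtbl"
# The post says the malware "creates readme's everywhere"; match on that name.
NOTE_NAME_RE = re.compile(r"readme", re.IGNORECASE)
# Loose e-mail pattern used to pull the contact address out of a note.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def triage(root):
    """Walk `root` and inventory encrypted files and ransom notes.

    Returns a dict with:
      encrypted:     list of paths whose name ends in .xtbl
      original_exts: Counter of the extension that preceded .xtbl (e.g. '.jpg'),
                     which tells you what kind of data was hit
      notes:         list of (path, set of e-mail addresses) for readme files
                     that contain a contact address
    Nothing is modified or deleted; this is read-only evidence collection.
    """
    encrypted = []
    original_exts = Counter()
    notes = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                stem = name[: -len(ENCRYPTED_EXT)]
                original_exts[os.path.splitext(stem)[1].lower() or "(none)"] += 1
            elif NOTE_NAME_RE.search(name):
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read()
                except OSError:
                    continue
                emails = set(EMAIL_RE.findall(text))
                if emails:
                    notes.append((path, emails))
    return {"encrypted": encrypted, "original_exts": original_exts, "notes": notes}


def build_sample_tree():
    """Constructed sample directory mimicking the thread's description.

    The bytes written are random placeholders, not real ciphertext, and the
    contact address uses the reserved .invalid TLD so it cannot be real.
    """
    root = tempfile.mkdtemp(prefix="xtbl_sample_")
    photos = os.path.join(root, "Photos")
    os.makedirs(photos)
    for name in ["IMG_0001.jpg.xtbl", "IMG_0002.jpg.xtbl", "invoice.docx.xtbl"]:
        with open(os.path.join(photos, name), "wb") as fh:
            fh.write(os.urandom(64))
    with open(os.path.join(photos, "README.txt"), "w") as fh:
        fh.write("Your files are encrypted. Contact attacker@example.invalid with your ID.\n")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("an ordinary, untouched file that must not be flagged\n")
    return root


def summary(result):
    """One-line report suitable for a forum post or an incident ticket."""
    kinds = ", ".join(f"{ext}: {n}" for ext, n in result["original_exts"].most_common())
    contacts = sorted({e for _, emails in result["notes"] for e in emails})
    return (f"{len(result['encrypted'])} encrypted files ({kinds}); "
            f"{len(result['notes'])} ransom note(s); contacts: {contacts}")


if __name__ == "__main__":
    sample = build_sample_tree()
    print(summary(triage(sample)))
```

Run it against the real root (for example `C:\Users\<name>`) instead of the constructed tree and the `original_exts` counter immediately shows how much of the photo library was affected; the collected notes carry the ID the thread mentions, which is the one piece of information any later decryption effort would need, so keep them rather than deleting them during cleanup.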

From the sounds of it, nothing can really be done. Serves a good lesson to make backups and create redundancy.


From the sounds of it, nothing can really be done. Serves a good lesson to make backups and create redundancy.

Oh I do, all my important stuff is on an external HDD, but only the most important stuff. But your average user doesn't. This could turn out quite problematic if it's not countered soon enough. But I'm guessing anyone with a decent AV should be protected. :)
