
Wildfire Locker Ransomware

Posted: July 1, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 98
First Seen: July 1, 2016
OS(es) Affected: Windows

The Wildfire Locker Ransomware is a Trojan that holds your data for ransom by encrypting your files. Although this campaign reroutes its victims to a highly developed payment site, malware researchers have previously noted the high risk of failure when buying decryptors from threat authors, and don't advise that course of action. Your anti-malware programs and regular backups can provide full recovery from this attack and remove the Wildfire Locker Ransomware from your computer.

The Spreading Flame of Threatening Encryptors

An optimized threat campaign is often as much about convincing victims to play into a threat actor's goals as it is about designing the right kinds of applications. Malware researchers see this theme repeating between old threats, such as the LockScreen family of Trojans, and new ones, like the Wildfire Locker Ransomware. Besides attacking your PC, the Wildfire Locker Ransomware also uses a streamlined Web interface for cash collection.

The Wildfire Locker Ransomware claims to use an AES-256 CBC-based encryption method. While this methodology is unconfirmed, the Wildfire Locker Ransomware does encrypt files on your PC by isolating particular data types. Commonly-targeted formats include most Microsoft Office extensions, entertainment media like MP3, compressed archives and Web page components. Along with encrypting them to prevent them from being used, the Wildfire Locker Ransomware also inserts additional text strings into their names, including the Trojan's name and a new '.wflx' extension.

This threat then shows behavior very similar to past Trojans like the Cerber Ransomware by placing ransom instructions in three different formats within the affected folders. Following the instructions takes the PC owner to a website that includes detailed descriptions of how to make Bitcoin payments for a decryption solution, how to use a free 'sample' of the decryptor, and how to receive further help from the Trojan's admins. Malware experts also noted the presence of a live, customized countdown timer, potentially pressuring the victim into making a payment as fast as possible.

Cooling the Potential Burn of Encryption Attacks

The Wildfire Locker Ransomware adds nothing of technical merit to the overcrowded black market of threatening file-encryption programs. However, its use of convenience-emphasizing Web interfaces and suggestive language on the 'appropriate' response to its attacks does indicate many of the trends profitable threats are using in 2016. Although the Wildfire Locker Ransomware doesn't threaten to delete the content it attacks, a threat actor still has no compelling reason to honor any payments made with the intent of achieving data recovery.

Campaigns like the Wildfire Locker Ransomware's often make use of e-mail-based installation methods, although some Trojans of the same category can also distribute themselves through direct hacking or exploit kits. Previously upheld standards in anti-malware security should protect your PC from the majority of these attacks, and malware experts especially emphasize scanning incoming file attachments that are under any degree of suspicion.

Although anti-malware tools may be capable of uninstalling the Wildfire Locker Ransomware, no public decryption options are yet available. As long as campaigns like the Wildfire Locker Ransomware's exist, backing up your work every day may be the sole thing between you and the loss of hundreds of dollars.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 20 MB (20000000 bytes)
MD5: 5ccbf8d44862379c37d6431459c71d2d
Detection count: 49
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 19, 2016

File name: file.exe
Size: 383.95 KB (383958 bytes)
MD5: b3e87ca5dbff56af6c65b80a5584b98d
Detection count: 48
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 19, 2016
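
The indicators described on this page (the '.wflx' extension added to encrypted files and the two MD5 values listed above) can be used to scope an infection. The following triage script is an added example, not part of the original article; the function names and output layout are assumptions made for illustration.

```python
import hashlib
import os
from collections import defaultdict
from datetime import datetime, timezone

# MD5 values of the two file.exe samples listed on this page.
PAGE_MD5S = {
    "5ccbf8d44862379c37d6431459c71d2d",
    "b3e87ca5dbff56af6c65b80a5584b98d",
}
ENCRYPTED_EXT = ".wflx"  # extension the page says is added to encrypted files


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large samples are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5s=PAGE_MD5S):
    """Walk root and summarise the page's indicators (hypothetical helper).

    Returns encrypted-file counts per directory, the earliest modification
    time among those files (an estimate of when encryption began), and any
    .exe whose MD5 is in known_md5s.
    """
    per_dir = defaultdict(int)
    earliest = None
    samples = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            try:
                if lower.endswith(ENCRYPTED_EXT):
                    per_dir[dirpath] += 1
                    mtime = os.path.getmtime(path)
                    earliest = mtime if earliest is None else min(earliest, mtime)
                elif lower.endswith(".exe") and md5_of(path) in known_md5s:
                    samples.append(path)
            except OSError:
                continue  # locked or unreadable file: skip it and keep scanning
    when = (datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
            if earliest is not None else None)
    return {"encrypted_by_dir": dict(per_dir), "first_encrypted_utc": when,
            "matching_samples": sorted(samples)}
```

The per-directory counts show which folders need restoring from backup, and the earliest timestamp indicates which backup predates the attack.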