
ANDRZEJ DUPA Ransomware

Posted: May 1, 2018

The ANDRZEJ DUPA Ransomware is a minor variant of the Bansomqare Wanna Ransomware that includes a working file-locking feature, as well as advanced pop-up features for displaying its ransoming warnings. Backing up your files can protect them from attacks that cause non-consensual encryption or deletion. Victims of these attacks should always let their anti-malware software or a cyber-security professional uninstall the ANDRZEJ DUPA Ransomware safely.

The Question of 'WhatsApp' with Your Files Again

Con artists are distributing the file-locker Trojan of the Bansomqare Wanna Ransomware, which disguises itself as an update or installer for WhatsApp, with a new variant of its ransoming message. This clone, the ANDRZEJ DUPA Ransomware, continues imitating the '.wcry File Extension' Ransomware's pop-up warning and also includes corrections to the glitches that limited its ancestor's data-locking capabilities. Malware experts recommend backing up any media that this threat could attack, such as text documents, images, audio or archives.

The ANDRZEJ DUPA Ransomware attacks these non-essential formats of media with a fixed version of the Bansomqare Wanna Ransomware's encryption feature, which locks the affected files to keep them from opening. It also gives them a new extension ('ZaszyfrowanePliki') that replaces the '.bitcoin' one of the Bansomqare Wanna Ransomware. Malware researchers have yet to verify whether any files that the ANDRZEJ DUPA Ransomware locks are decryptable and recommend contacting a cryptography expert within the cyber-security community for any help you may need on this method of 'unlocking' your data.
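For responders restoring from backup, the sketch below is an added example (not code from the original article) that inventories files carrying the 'ZaszyfrowanePliki' extension and checks each against a backup tree. It assumes the extension is appended after a dot as the final suffix, that the backup mirrors the live directory layout, and that a locked file's modification time reflects when it was encrypted; the function names and sample paths are hypothetical.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Extension named in the article. Assumption: appended as the final suffix,
# after a dot; matched case-insensitively.
LOCKED_SUFFIX = ".zaszyfrowanepliki"

def find_locked(root):
    """Yield (path, mtime) for every file under root with the locked suffix."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if low.endswith(LOCKED_SUFFIX) and len(low) > len(LOCKED_SUFFIX):
                path = Path(dirpath) / name
                try:
                    yield path, path.stat().st_mtime
                except OSError:
                    continue  # unreadable or removed mid-scan; keep going

def restore_plan(live_root, backup_root):
    """Map each locked file to its backup copy (None if no copy exists) and
    return the earliest locked-file mtime as the latest safe restore point."""
    plan, earliest = {}, None
    for path, mtime in find_locked(live_root):
        rel = path.relative_to(live_root)
        original = rel.with_name(rel.name[: -len(LOCKED_SUFFIX)])
        copy = Path(backup_root) / original
        plan[str(rel)] = str(copy) if copy.is_file() else None
        earliest = mtime if earliest is None else min(earliest, mtime)
    return plan, earliest

if __name__ == "__main__":
    # Constructed sample tree, not real victim data.
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.ZaszyfrowanePliki").write_bytes(b"x")
        (live / "docs" / "photo.jpg.ZaszyfrowanePliki").write_bytes(b"x")
        (live / "docs" / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("clean copy")
        plan, earliest = restore_plan(live, backup)
        for locked, copy in sorted(plan.items()):
            print(f"{locked}: {copy or 'NO BACKUP COPY'}")
        print("restore from a backup taken before",
              datetime.fromtimestamp(earliest, timezone.utc).isoformat())
```

Run it against a read-only mount or forensic copy of the affected volume so the scan itself does not alter timestamps.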

The pop-up alert that the ANDRZEJ DUPA Ransomware generates is in an HTA format and imitates the appearance of the '.wcry File Extension' Ransomware family, including a time limit, a data deletion threat, and a demand for one hundred USD in Bitcoins. No evidence corroborates that the ANDRZEJ DUPA Ransomware has any feature for erasing your files once its countdown reaches zero, and malware experts recommend ignoring the ransom demand, if possible. The Trojan also accompanies the pop-up with a Notepad file that provides related extortion transaction information.

Closing the Book on the Latest of '.wcry File Extension' Ransomware's Imitators

The ANDRZEJ DUPA Ransomware isn't a direct relative of the '.wcry File Extension' Ransomware, but its pop-up warning uses the format of that family to give itself a plausible appearance of security and professionalism. Users should never assume that decryption, whether free or paid for, is available for any file-locking Trojan, and malware experts always recommend backing up the files that are too valuable to risk losing. Like the Bansomqare Wanna Ransomware, the ANDRZEJ DUPA Ransomware uses the disguise of the freeware 'WhatsApp' program for installing itself and may circulate via malvertising (AKA 'malicious advertising'), torrents or drive-by-downloads from hostile websites.

According to the evidence available to malware analysts, the ANDRZEJ DUPA Ransomware's threat actors aren't native speakers of English even though most of the ransoming components use that language. The ANDRZEJ DUPA Ransomware's infection vectors may target Polish PC users, but its encryption should impact virtually all Windows systems with any significant digital media saved. Standard anti-malware technology should block or delete the ANDRZEJ DUPA Ransomware as appropriate, and manual removal of this threat is not encouraged for most users.

The ANDRZEJ DUPA Ransomware is another file-locker Trojan that looks like something it isn't, which is endemic to its industry. Victims of file-locking attacks should beware of assuming that what they see on their screens is indicative of what's happening to their files, since the cost of such an assumption can be the permanent loss of documents and other media.
