AutoWannacryV2 Ransomware
The 'AutoWannacryV2' Ransomware is a file-locking Trojan that pretends that it's a member of the WannaCryptor Ransomware or '.wcry File Extension' Ransomware family. Unlike those Trojans, the 'AutoWannacryV2' Ransomware uses a non-secure locking routine that should be easily decryptable, although malware experts, still, recommend having a non-local backup. Let your anti-malware programs delete the 'AutoWannacryV2' Ransomware, once they detect it, and avoid noted infection sources, such as suspicious e-mail attachments.
Ransomware-as-a-Service Gets More Ransomware-as-a-Fraud
The RaaS industry of developing file-locking Trojans that third parties hire is enjoying more than a little success, as one can see with the campaigns of the Scarab Ransomware, the Globe Ransomware, and the WannaCryptor Ransomware. Other criminals benefiting from the wake of such attacks may steal the 'brand names' of these Trojans for themselves, without paying for the real program. This secondary layer of deception is one that malware experts note most widely within the Globe Imposter Ransomware family, but it also is a feature of the new the 'AutoWannacryV2' Ransomware.
The 'AutoWannacryV2' Ransomware pretends that it's a new build of the WannaCryptor Ransomware, which is significant for its sophisticated production and, for the most recent versions, a secure data-encrypting feature. However, our malware analysts are confirming that the 'AutoWannacryV2' Ransomware is an independent program that shares no code in kind with that Trojan, and uses a different, less-than-secure encryption algorithm. Like most file-locker Trojans, the 'AutoWannacryV2' Ransomware blocks media that can range from text documents and pictures to archives or movie files.
The 'AutoWannacryV2' Ransomware also drops a separate executable that provides a decryption service. While it doesn't imitate the WannaCryptor Ransomware's HTA pop-up, it does include several warning messages and recommends against brute-forcing the solution. Malware experts can confirm that the builds known to them use a static key of '123qwe' for this decryptor, which could help the users restore their files freely. However, the 'final' version of the Trojan is likely of including a different or dynamic password.
Cheaping Out of the Wannabe Wannacry Experience
Because of the chance of further developments in the 'AutoWannacryV2' Ransomware's payload, the users should continue protecting their media by saving copies to other locations that are at lower or no risk of a security breach. In past examinations of file-locker Trojans, malware experts find an extreme minority of them capable of attacking cloud server-based backups that use password protection. Backing up the files to any form of portable storage that you can detach from the PC also is helpful.
While the 'AutoWannacryV2' Ransomware uses UPX-packing technology for hiding itself, its executable is detectable by many brands of security software. File-locking Trojans may drop themselves on your PC after you open a corrupted document (particularly one with macros) or expose an unprotected browser to drive-by-download scripts on a website. Always quarantine or delete the 'AutoWannacryV2' Ransomware with a proper anti-malware product before undertaking any data-unlocking solutions.
The 'AutoWannacryV2' Ransomware is much less problematic than the real '.wcry File Extension' Ransomware or its variants, but still, a danger to your files. Anyone forgetting their backups after saving their work could find that there's an unforeseen price attached to opening it again.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.