
Bansomqare Wanna Ransomware

Posted: March 28, 2018

The Bansomqare Wanna Ransomware is a file-locking Trojan that compromises PCs by pretending to be an installer or update for the WhatsApp messaging client. Some versions of the Bansomqare Wanna Ransomware include bugs, but a functioning payload blocks the victim's files and shows a pop-up message imitating the WannaCryptor Ransomware. Although free decryption may be possible, you should always delete the Bansomqare Wanna Ransomware with an anti-malware product before it attacks.

What's Up with a Fake WhatsApp

A fraudulent variant of WhatsApp is hijacking that popular instant messaging program's brand identity to enable its file-locking attacks. The Bansomqare Wanna Ransomware, the Trojan in question, also includes additional misinformation, even after its payload finishes locking the user's media. Malware experts speculate that the Bansomqare Wanna Ransomware is in development due to the presence of bugs that interfere with its payload, although, when fixed, the Trojan should be capable of locking media just as well as Hidden Tear, EDA2, or the Globe Ransomware.

The Bansomqare Wanna Ransomware's executable includes both the WhatsApp icon and forged copyright information for tricking a victim into running it. The samples available to malware experts, for now, crash and generate generic Windows errors afterward instead of launching their payloads. However, sufficient features remain available for analyses to confirm all of the Bansomqare Wanna Ransomware's 'intended' attacks:

  • The Bansomqare Wanna Ransomware uses a non-secure encryption method to lock different file types, such as documents, throughout the PC's hard drives. It also adds a new '.bitcoin' extension onto every file that it locks in this manner.
  • After it completes its data-encrypting routine, the Bansomqare Wanna Ransomware launches an HTA pop-up window with content that its threat actors stole from the WannaCryptor Ransomware family. The message includes a timer warning that the ransom will rise and a demand for one hundred USD, payable in Bitcoins, for downloading the decryption solution that restores the victim's media.

Since the Bansomqare Wanna Ransomware isn't a variant of WannaCryptor Ransomware, any users who run a decryption tool compatible with that family will cause additional data corruption and make their files permanently unrecoverable.
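An added example (not from the original article or from any vendor tool): a read-only Python sweep that inventories files carrying the '.bitcoin' extension described above, so the scope of the damage is recorded before any recovery attempt. The function names, the sample tree, and the use of modification times to bound the locking window are assumptions of this example.

```python
import os
import tempfile
from collections import Counter

LOCKED_SUFFIX = ".bitcoin"  # extension the article says is appended to locked files


def inventory_locked_files(root):
    """Read-only sweep: nothing under `root` is renamed, modified or deleted."""
    by_type, paths, sizes, mtimes = Counter(), [], 0, []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            original = name[: -len(LOCKED_SUFFIX)]
            if not original:  # a file named just ".bitcoin" has no original name
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable entry: skip it, keep sweeping
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            paths.append(path)
            sizes += st.st_size
            mtimes.append(st.st_mtime)
    # Assumption: timestamps were not reset, so oldest/newest mtime bound the locking run.
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"files": sorted(paths), "by_type": dict(by_type),
            "bytes": sizes, "mtime_window": window}


def make_sample_tree():
    """Constructed sample data (not real victim files) in a temp directory."""
    root = tempfile.mkdtemp(prefix="locked-demo-")
    samples = {
        "docs/report.docx.bitcoin": b"x" * 10,
        "docs/notes.txt": b"untouched",
        "pics/photo.JPG.BITCOIN": b"y" * 5,
        "README.bitcoin": b"zzz",
        ".bitcoin": b"",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    report = inventory_locked_files(make_sample_tree())
    print(report["by_type"], report["bytes"], len(report["files"]))
```

The per-type counts show which kinds of documents need restoring from backup, and the file list can be kept as a record alongside a copy of the locked data.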

Keeping Double-Layered Frauds out of Your Files

The Bansomqare Wanna Ransomware's campaign shows both how threatening it is for users to run files from unofficial sources and how dangerous it is to make presumptions about a file-locking threat based on its appearance. Threats that pretend to be various forms of freeware, as the Bansomqare Wanna Ransomware does, are often distributed through file-sharing networks, such as torrents, or free software websites with inappropriately lax uploading standards. Safe Web-surfing and downloading habits should counteract most means by which the Bansomqare Wanna Ransomware could infect your PC and begin locking your files.

Malware experts are finding signs that the Bansomqare Wanna Ransomware's encryption methods may be susceptible to decryption by third parties with appropriate cryptography experience. However, any users with valuable files should always keep secure backups of them so that this threat cannot hold their data hostage. Many anti-malware services also may delete the Bansomqare Wanna Ransomware as a threat to your computer without experiencing any issues.

Downloading new programs from an unfamiliar source is an unfortunate Web-browsing habit that con artists can use against those who indulge in it. The Bansomqare Wanna Ransomware may lock your files automatically, but you alone are to blame for downloading WhatsApp from anyplace other than an officially-endorsed link.
