Bansomqare Wanna Ransomware
Posted: March 28, 2018
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 94 |
| First Seen: | March 5, 2025 |
| OS(es) Affected: | Windows |
The Bansomqare Wanna Ransomware is a file-locking Trojan that compromises PCs by pretending to be an installer or update for the WhatsApp messaging client. Some versions of the Bansomqare Wanna Ransomware include bugs, but a functioning payload blocks the victim's files and displays a pop-up message imitating the WannaCryptor Ransomware. Although free decryption may be possible, you should always delete the Bansomqare Wanna Ransomware with an anti-malware product before it attacks.
What's Up with a Fake WhatsApp
A fraudulent variant of WhatsApp is hijacking that popular instant messaging program's brand identity to enable its file-locking attacks. The Bansomqare Wanna Ransomware, the Trojan in question, also includes additional misinformation, even after its payload finishes locking the user's media. Malware experts speculate that the Bansomqare Wanna Ransomware is in development due to the presence of bugs that interfere with its payload, although, when fixed, the Trojan should be capable of locking media just as well as Hidden Tear, EDA2, or the Globe Ransomware.
The Bansomqare Wanna Ransomware's executable includes both the WhatsApp icon and forged copyright information to trick a victim into running it. The samples available to malware experts, for now, crash and generate generic Windows errors instead of launching their payloads. However, sufficient features remain available for analyses to confirm all of the Bansomqare Wanna Ransomware's 'intended' attacks:
- The Bansomqare Wanna Ransomware uses a non-secure encryption method to lock different file types, such as documents, throughout the PC's hard drives. It also adds a new '.bitcoin' extension onto every file that it locks in this manner.
- After it completes its data-encrypting routine, the Bansomqare Wanna Ransomware launches an HTA pop-up window with content that its threat actors stole from the WannaCryptor Ransomware family. The message includes a timer with a warning of a rise in the ransom and a one hundred USD demand, for the victim to pay in Bitcoins, for downloading the decryption solution that restores their media.
Since the Bansomqare Wanna Ransomware isn't a variant of the WannaCryptor Ransomware, any users who run a decryption tool built for that family will cause additional data corruption and make their files permanently non-recoverable.
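A triage check for the misidentification risk described above, as an added example that is not code from this page or from any vendor: before a family-specific decryptor is pointed at locked files, confirm which markers the files actually carry. It assumes the '.bitcoin' extension reported here; the `.WNCRY` extension and the `WANACRY!` file header are WannaCryptor markers not stated on this page, and the label names, function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

BITCOIN_EXT = ".bitcoin"        # extension this page attributes to Bansomqare Wanna
WANNACRY_EXT = ".wncry"         # WannaCryptor's extension (not from this page)
WANNACRY_MAGIC = b"WANACRY!"    # 8-byte header of WannaCryptor-encrypted files

def classify(path):
    """Label one file 'wannacryptor', 'bitcoin-ext', or None (not flagged)."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(len(WANNACRY_MAGIC))
    except OSError:
        head = b""              # unreadable file: fall back to the name only
    name = path.lower()
    if head == WANNACRY_MAGIC or name.endswith(WANNACRY_EXT):
        return "wannacryptor"
    if name.endswith(BITCOIN_EXT):
        return "bitcoin-ext"
    return None

def triage(root):
    counts = Counter()          # label -> number of flagged files under root
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            label = classify(os.path.join(dirpath, fn))
            if label:
                counts[label] += 1
    return counts

def wannacryptor_tool_applies(counts):
    # True only when every flagged file carries WannaCryptor markers.
    return counts["wannacryptor"] > 0 and counts["bitcoin-ext"] == 0

def demo():
    samples = {  # constructed file names and contents, not real samples
        "report.docx.bitcoin": b"\x8f\x11 constructed ciphertext",
        os.path.join("photos", "cat.jpg.bitcoin"): b"\x02\xa7 constructed",
        "notes.txt": b"untouched file",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(dict(demo()))
```

The '.bitcoin' match is name-based only, so treat a hit as a reason to stop and work on copies of the locked files, not as a positive identification of the family.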
Keeping Double-Layered Frauds out of Your Files
The Bansomqare Wanna Ransomware's campaign shows both how threatening it is for users to run files from unofficial sources and how dangerous it is to make presumptions about a file-locking threat based on its appearance. The distribution methods for threats pretending to be various forms of freeware, similarly to the Bansomqare Wanna Ransomware, often use file-sharing networks, such as torrents, or free software websites with inappropriately lax uploading standards. Safe Web-surfing and downloading habits should counteract most means by which the Bansomqare Wanna Ransomware could infect your PC and begin locking your files.
Malware experts are finding signs that the Bansomqare Wanna Ransomware's encryption methods may be susceptible to decryption by third parties with appropriate cryptography experience. However, any users with valuable files should always save backups of them to keep this threat from securely placing their data in a hostage situation. Many anti-malware services also may delete the Bansomqare Wanna Ransomware as a threat to your computer without experiencing any issues.
Downloading new programs from an unfamiliar source is an unfortunate Web-browsing habit that the con artists can use against those who indulge in it. The Bansomqare Wanna Ransomware may lock your files automatically, but only you're to blame for downloading WhatsApp from anyplace other than an officially-endorsed link.