The Wacatac Ransomware (also iknown as the DeathRansom Ransomware) is a Trojan that adds extensions to your files to make them look locked and demands ransom money in a text note. Future versions may include actual file-locking features, such as individual encryption or moving them into protected archives. Users should treat this Windows program as a threat and let anti-malware programs isolate or delete the Wacatac Ransomware as they find it.
A Digital Warrior Missing Its Most Important Weapon
The Wacatac Ransomware is a file-locking Trojan in progress that's omitting its defining feature: the 'locking' one. While the Wacatac Ransomware currently only conveys all of the other symptoms of such a threat, such a neutered state is commonplace among works-in-progress Trojans. In the meantime, its author intends on making money, with a little help from the careless.
The Wacatac Ransomware adds extensions to media files (such as documents or pictures) that bear the 'wctc' string for identifying itself separately from similar Trojans. This semi-harmless attack disassociates files from their default programs automatically. However, users can reverse it by renaming the media appropriately. The Wacatac Ransomware encrypts files or inserts other information, such as a marker, that flags the content as a hostage.
The second portion of the Wacatac Ransomware's payload that's of significance is its ransom note, a Notepad TXT. Although malware experts are long-familiar with the English template that it uses, the Wacatac Ransomware inserts an extra warning that bluffs that deleting the message can cause 'system corruption.' This tactic would be most effective against users with minimal computer knowledge, which makes it more likely that the Wacatac Ransomware's campaign is going after random individuals, instead of enterprise-level businesses or government networks.
All the Different a Little Trojan Decision Makes
One eyebrow-raising aspect of the Wacatac Ransomware's code is that it reads the user's keyboard layout and diverts into different branches, depending on the result. Sometimes, this behavior is built into Ransomware-as-a-Services operating in Russia for avoiding infecting users in that region of the world explicitly – and risking the wrath of the local law enforcement. Alternately, the Wacatac Ransomware could put this function to use as a way of dropping linguistically-appropriate ransom notes.
Current samples of the Wacatac Ransomware are almost harmless, regarding their capacity for damaging files. However, this neutered state could change at any time, and malware experts recommend treating all Trojans as likely sources of danger to your PC. Expect possible attacks through such vectors as e-mail attachments, torrents themed after pirated media, or Exploit Kits (browser-based threats that launch drive-by-downloads using software vulnerabilities). A lucky world might never see a fully-armed version of the Wacatac Ransomware. Even if that comes to light as the case, there are many more Trojans with real encryption already out there and waiting to extort money from the reckless.