
Waffle Ransomware

Posted: November 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: December 2, 2018
Last Seen: July 23, 2019
OS(es) Affected: Windows

The Waffle Ransomware is a Trojan that can lock your files and display pop-ups that demand money for recovering them. PC users can always take the leverage away from the payloads of these file-locking threats by keeping backups of their work in locations or on devices that the Trojan can't damage. Most anti-malware programs should be able to remove the Waffle Ransomware before it starts locking any files, although they also may help you recover by deleting it after an attack.

Having Your Breakfast with a Side of Bitcoin Extortion

As much as Trojans benefit from skillful programming to avoid detection or conduct attacks with efficiency, they also have a great deal to gain from purely psychological attacks. Threat actors who want to reap the financial harvests of Trojans like the Jigsaw Ransomware without putting their effort into similarly comprehensive attacks will often merely lie to their victims instead. Malware experts classify one of the latest examples, the Waffle Ransomware, as just such an attempt at supporting traditional data attacks with a foundation of falsehoods.

The Waffle Ransomware's main feature is a data-enciphering attack that searches directories for files fitting media-oriented formats and encrypts them via AES (with no additional protection, such as RSA encryption of the generated key). It also marks this locked content with the cosmetic addition of a '.waffles' extension before displaying its ransom note: a pop-up window that shows the ransom message over a background image of waffles.

The threat actors responsible for the Waffle Ransomware are demanding fifty USD through the Bitcoin cryptocurrency before they'll restore the user's files, although the Trojan gives no links other than the Bitcoin wallet's address. Significant accompanying claims include a one-day time limit and what malware analysts are judging as an unsubstantiated threat that the Trojan will delete additional files if the user tries to terminate it. Unlike the Jigsaw Ransomware and similar threats from which the Waffle Ransomware derives its inspiration, the Trojan doesn't delete content on a timer-related basis or when it launches after a system reboot.

A Change in Your Computer's Meal Plans

While victims of Waffle Ransomware infections should prioritize dealing with the breach of security before recovering their files, malware analysts can recommend data restoration options that don't require paying ransoms. The Waffle Ransomware's current encryption is purely AES-based and should be compatible with decryption attempts by third-party researchers with any experience dealing with file-locking Trojans. Backing up your files to devices that are less at risk of infection than your primary PC is also highly encouraged as a default way of protecting your digital media.
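For scoping the damage before restoring from backups, the following read-only inventory script is an added example, not code from this page or from any vendor. It assumes the '.waffles' extension is appended to the full original filename and that the backup mirrors the original folder layout; the function names and both directory arguments are hypothetical.

```python
import os
import sys
from pathlib import Path

LOCKED_SUFFIX = ".waffles"  # extension named on this page


def inventory_locked_files(scan_root, backup_root=None):
    """List files under scan_root carrying the suffix; never modifies anything."""
    scan_root = Path(scan_root)
    records = []
    for dirpath, _dirs, filenames in os.walk(scan_root):
        for name in filenames:
            # Windows file names are case-insensitive, so match that way.
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            locked = Path(dirpath) / name
            rel = locked.relative_to(scan_root)
            # Assumption: stripping the suffix yields the original file name.
            original_name = name[: -len(LOCKED_SUFFIX)]
            original = rel.with_name(original_name) if original_name else None
            # Assumption: the backup mirrors the scanned tree's relative paths.
            has_backup = bool(
                backup_root and original and (Path(backup_root) / original).is_file()
            )
            records.append({
                "locked": str(rel),
                "original": str(original) if original else None,
                "size": locked.stat().st_size,
                "backup_found": has_backup,
            })
    return sorted(records, key=lambda r: r["locked"])


def summarize(records):
    """Count how many locked files have a clean copy in the backup."""
    restorable = sum(1 for r in records if r["backup_found"])
    return {"locked": len(records), "restorable": restorable,
            "no_backup": len(records) - restorable}


if __name__ == "__main__" and len(sys.argv) >= 2:
    found = inventory_locked_files(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    for rec in found:
        print(("BACKUP " if rec["backup_found"] else "MISSING"), rec["locked"])
    print(summarize(found))
```

Run it from a clean system against a mounted copy of the affected disk; files reported as MISSING are the ones that would depend on a third-party decryption attempt.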

Samples of the Waffle Ransomware date to no earlier than October but provide no additional information, for now, on how its threat actors might distribute them. Cybercrooks sometimes attach file-locking Trojans or delivery mechanisms for these threats to spam e-mail, pirated content-based downloads or fake software patches. For virtually any case of infection besides a manual introduction, your anti-malware programs can block the Waffle Ransomware immediately and delete this Trojan before it starts its payload.

Believing the words coming out of a cybercrook's mouth is usually no more than a way of making yourself even more of a victim than you already might be. Ransoming messages from the Waffle Ransomware and other Trojans should always be viewed through a filter of healthy skepticism.
