Home Malware Programs Ransomware .waiting Ransomware

.waiting Ransomware

Posted: April 20, 2020

The .waiting Ransomware is a file-locking Trojan that stops media such as documents from opening by encrypting their data. Its attacks include filename alterations for visibility purposes, as well as ransoming messages with uTox support for the negotiations. Victims should recover from a backup after deleting the .waiting Ransomware as soon as practical with trusted anti-malware services.

Independent Trojans Waiting for Ransoms Impatiently

Despite the overwhelming fecundity of RaaS families from Russia's Scarab Ransomware and Asia's STOP Ransomware to Dharma Ransomware, individual Trojans with the same attacks are far from dead. The Mind Ransomware, the SaveTheQueen Ransomware, and the current the .waiting Ransomware show how threat actors, still, have an enthusiasm for delivering file-locking attacks without attaching themselves to an established business – and that business's cut of the profits. The .waiting Ransomware shows some aspects of a copy-and-paste job, but malware experts also see some minor creativity in its extortion.

The .waiting Ransomware uses unknown encryption algorithms for locking files, with targeted formats including most text documents, pictures, audio, spreadsheets and space-compressed archives. Malware researchers also are pointing out the difference in filename formatting that the .waiting Ransomware includes in the process. This feature adds an ID and campaign-specific string, similar to a RaaS. A stark contrast is that it goes without any brackets or an e-mail address.

The .waiting Ransomware, like many Trojans with encryption features, uses an HTA file as a pop-up ransoming message. It includes some disingenuous claims, such as a threat that the Trojan is copying media to the attacker's storage server, and the usual social engineering exploits like a countdown clock and a 'free sample' of the unlocker. Its least-traditional feature is the uTox button, which opens the uTox client program that the .waiting Ransomware drops on the C drive, and gives the victim a means of negotiating with the threat actor in 'real-time.'

Don't Wait Too Long for Protecting Your Files

A live chatting feature isn't absent from all known versions of past, file-locker Trojans. Some of the less-common examples of similar campaigns include the INPIVX Ransomware and R Ransomware's NMCRYPT Ransomware variant. The specific implementation here, however, which involves dropping a secondary program, is semi-unique to the .waiting Ransomware.

Malware researchers see samples of the .waiting Ransomware only for Windows systems. Users with that OS should consider implementing all of the basics for protecting their work from encryption attacks, including disabling RDP, using secure passwords, turning macros off in documents or spreadsheets, and, most importantly, having remote backups under metaphorical lock and key. Decrypting and unlocking files that the .waiting Ransomware affects is currently estimated as impossible.

As another means of defense, any user with anti-malware products active and running with their latest databases should be capable of deleting the .waiting Ransomware on sight, either before or after any attacks.

While the .waiting Ransomware awaits ill-gotten earnings, its future victims are opening attachments and downloading torrents unknowingly. Until its attacker's infection strategies receive more illumination, there's little to do but back one's work up and assume that every unscanned download is a possible danger.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to .waiting Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.