
.waiting Ransomware

Posted: April 20, 2020

The .waiting Ransomware is a file-locking Trojan that stops media such as documents from opening by encrypting their data. Its attacks include filename alterations for visibility purposes, as well as ransoming messages with uTox support for the negotiations. Victims should recover from a backup after deleting the .waiting Ransomware as soon as practical with trusted anti-malware services.

Independent Trojans Waiting for Ransoms Impatiently

Despite the overwhelming fecundity of RaaS families, from Russia's Scarab Ransomware and Asia's STOP Ransomware to Dharma Ransomware, individual Trojans with the same attacks are far from dead. The Mind Ransomware, the SaveTheQueen Ransomware, and now the .waiting Ransomware show that threat actors still have an enthusiasm for delivering file-locking attacks without attaching themselves to an established business – and without surrendering that business's cut of the profits. The .waiting Ransomware shows some aspects of a copy-and-paste job, but malware experts also see some minor creativity in its extortion.

The .waiting Ransomware uses unknown encryption algorithms for locking files; targeted formats include most text documents, pictures, audio, spreadsheets and compressed archives. Malware researchers also point out the distinctive filename formatting that the .waiting Ransomware applies in the process: it adds an ID and a campaign-specific string, similar to a RaaS, but, in stark contrast, it does so without any brackets or an e-mail address.

The .waiting Ransomware, like many Trojans with encryption features, uses an HTA file as a pop-up ransoming message. It includes some disingenuous claims, such as a threat that the Trojan is copying media to the attacker's storage server, and the usual social engineering exploits like a countdown clock and a 'free sample' of the unlocker. Its least-traditional feature is the uTox button, which opens the uTox client program that the .waiting Ransomware drops on the C drive, and gives the victim a means of negotiating with the threat actor in 'real-time.'
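As an added illustration (not code from the original write-up), the following Python sketches host-level detection for the three on-disk behaviours described in the two paragraphs above: a burst of renames to the .waiting extension, an HTA note being written, and a uTox client appearing at the root of the C drive. The log format, process names, note name and ID string are constructed placeholders, since the write-up gives no exact layout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint file-event log (not real telemetry): timestamp|process|action|path[ -> new path].
# The ID string, note name and process name are placeholders; the write-up gives no exact layout.
SAMPLE_EVENTS = [
    "2020-04-20T10:00:01|winword.exe|create|C:\\Users\\alice\\Documents\\notes.docx",
    "2020-04-20T10:02:10|sample.exe|rename|C:\\Users\\alice\\Documents\\budget.xlsx -> C:\\Users\\alice\\Documents\\budget.xlsx.ID-PLACEHOLDER.waiting",
    "2020-04-20T10:02:11|sample.exe|rename|C:\\Users\\alice\\Pictures\\cat.jpg -> C:\\Users\\alice\\Pictures\\cat.jpg.ID-PLACEHOLDER.waiting",
    "2020-04-20T10:02:12|sample.exe|rename|C:\\Users\\alice\\Music\\song.mp3 -> C:\\Users\\alice\\Music\\song.mp3.ID-PLACEHOLDER.waiting",
    "2020-04-20T10:02:13|sample.exe|create|C:\\utox.exe",
    "2020-04-20T10:02:14|sample.exe|create|C:\\Users\\alice\\Desktop\\NOTE_PLACEHOLDER.hta",
    "2020-04-20T10:05:00|explorer.exe|rename|C:\\Users\\alice\\old.txt -> C:\\Users\\alice\\old.waiting",
]

WINDOW = timedelta(seconds=60)   # sliding window for the mass-rename rule
RENAME_THRESHOLD = 3             # renames to .waiting by one process inside the window

def parse(line):
    ts, proc, action, path = line.split("|", 3)
    return datetime.fromisoformat(ts), proc, action, path

def detect(lines, threshold=RENAME_THRESHOLD, window=WINDOW):
    """Return sorted alert strings for the three behaviours the write-up describes."""
    alerts = set()
    recent = defaultdict(list)  # process -> timestamps of recent renames to .waiting
    for line in lines:
        ts, proc, action, path = parse(line)
        new_path = path.split(" -> ")[-1]          # for a create, this is just the path
        if action == "rename" and new_path.lower().endswith(".waiting"):
            recent[proc] = [t for t in recent[proc] if ts - t <= window] + [ts]
            if len(recent[proc]) >= threshold:
                alerts.add(f"mass-rename to .waiting by {proc}")
        elif action == "create":
            name = new_path.rsplit("\\", 1)[-1].lower()
            if name.endswith(".hta"):               # HTA pop-up note; tune for legitimate HTAs
                alerts.add(f"HTA ransom-note candidate: {new_path}")
            # uTox client written directly to the C drive root, as the write-up describes
            if "utox" in name and new_path.lower().startswith("c:\\") and new_path.count("\\") == 1:
                alerts.add(f"uTox client dropped at drive root: {new_path}")
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The single rename by explorer.exe stays below the threshold, so only the burst, the HTA and the root-level uTox binary raise alerts.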

Don't Wait Too Long to Protect Your Files

A live chat feature is not unheard of among past file-locker Trojans. Some of the less common examples of similar campaigns include the INPIVX Ransomware and the R Ransomware's NMCRYPT Ransomware variant. The specific implementation here, however, which involves dropping a secondary program, is nearly unique to the .waiting Ransomware.

Malware researchers see samples of the .waiting Ransomware only for Windows systems. Users of that OS should consider implementing all of the basics for protecting their work from encryption attacks: disabling RDP, using secure passwords, turning macros off in documents and spreadsheets, and, most importantly, keeping remote backups under metaphorical lock and key. Decrypting and unlocking files that the .waiting Ransomware affects is currently estimated to be impossible.

As another means of defense, any user with anti-malware products active and running with their latest databases should be capable of deleting the .waiting Ransomware on sight, either before or after any attacks.

While the .waiting Ransomware awaits its ill-gotten earnings, its future victims are unknowingly opening attachments and downloading torrents. Until its attacker's infection strategies receive more illumination, there is little to do but back one's work up and treat every unscanned download as a possible danger.
