
WALAN Ransomware

Posted: June 25, 2019

The WALAN Ransomware is a file-locker Trojan that blocks media, such as documents, on your computer and sells the unlocking solution to its victims. Any files that it affects will not open in their associated applications and will have extensions referencing the WALAN Ransomware. Anti-malware services for deleting the WALAN Ransomware and backups for file recovery are equally valuable defenses.

The United Kingdom's Stray Trojan Troubles

File-locking Trojans aren't always easy to identify, even though distinctive characteristics like pop-ups, family-formatted ransom messages, and even ransom-negotiating ID styles leave breadcrumb trails leading to a Trojan's ancestors. Strays and unrecognizable individuals, such as the WALAN Ransomware, also appear. Malware researchers have found attacks from this file-locking Trojan only in the United Kingdom, although its campaign is in its early stages of deployment.

The WALAN Ransomware blocks files with encryption, and its format list includes the traditional data types, such as Adobe PDF documents, among others. It then tags the file's name with the 'WALAN' string without erasing the first extension (for example, 'picture.jpg.WALAN') and creates a text file with its ransom demands. None of these elements is exceptional for file-locking Trojans, especially Ransomware-as-a-Service (RaaS) ones.

The ransom message that the WALAN Ransomware delivers offers limited help in identifying its possible relatives. Malware experts note that the message was previously included in the COPAN Ransomware campaigns, which form a part of the DCRTR-WDM Ransomware family. However, sharing or collecting ransom messages is commonplace. Users testing any unlocking or decryption applications should first copy their data for safety's sake.

From West to East with Trojan Tracking

Little about the WALAN Ransomware's payload stands out, but malware analysts have found one detail of interest in its history. The e-mail address that the WALAN Ransomware's campaign uses for negotiating has a previous connection with Chinese lottery websites. Whether this background is evidence of the account's changing hands or of its being compromised requires more investigation.

Regardless, it's evident that the WALAN Ransomware's attacks aren't limited to operating inside China. Its ransom messages use fluent English, and there are no Chinese-language equivalents in the program's payload.

Backing up one's files to other, secure places will undermine any leverage that WALAN Ransomware infections gain from their attacks. Malware experts especially recommend not depending exclusively on Windows Restore Points or NAS devices, which Trojans of this category can target for wiping. Anti-malware products rarely experience problems with removing threats of this class and should delete the WALAN Ransomware, even if they can't undo the effects of its payload.
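
As an added illustration (not code from the original article or from any vendor tool), the following Python sketch inventories files carrying the appended 'WALAN' extension described earlier and checks whether an untagged copy of each exists in a backup. The backup_root mirror layout, the function names, and the sample tree are assumptions constructed for the example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".walan"  # appended extension per the article; matched case-insensitively


def original_name(name):
    """Return the pre-encryption file name, or None if the name is not tagged."""
    if name.lower().endswith(MARKER) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None


def inventory(root, backup_root=None):
    """List tagged files under root; backup_root is an assumed mirror of root."""
    root, entries = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            rel = (Path(dirpath) / orig).relative_to(root)
            backed_up = bool(backup_root) and (Path(backup_root) / rel).is_file()
            entries.append({"original": rel, "has_backup": backed_up})
    return entries


def summarize(entries):
    """Count locked files per original extension; list those with no backup."""
    by_ext = Counter(e["original"].suffix.lower() or "(none)" for e in entries)
    missing = sorted(e["original"].as_posix() for e in entries if not e["has_backup"])
    return by_ext, missing


def demo():
    """Run against a constructed sample tree (not real infection data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        backup.mkdir()
        for rel in ("picture.jpg.WALAN", "docs/report.pdf.WALAN", "docs/notes.txt"):
            (live / rel).write_bytes(b"constructed sample")
        (backup / "picture.jpg").write_bytes(b"constructed sample")
        return summarize(inventory(live, backup))


if __name__ == "__main__":
    print(demo())
```

The script only reads file names, so it can be run against a copy or a read-only mount of the affected volume.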

The WALAN Ransomware's history spans the world, but it's not much more than a clone of past efforts at Trojan development. Ransoming digital media is a global business, even if the tools are as humble as a software lock-and-key.
