
WannabeHappy Ransomware

Posted: October 27, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: October 27, 2017
Last Seen: January 9, 2019
OS(es) Affected: Windows

The WannabeHappy Ransomware is a file-locker Trojan that can prevent you from opening different formats of media, such as content associated with Microsoft Office programs. Both backups and free decryption programs can give victims ways of recovering without using this Trojan's endorsed method of paying a Bitcoin ransom. Whether or not you need to unlock your media, removing the WannabeHappy Ransomware with specialized anti-malware products will minimize any further security risks or loss of data from the infection.

Threat Actors Who aren't Happy Until They Have What's Yours

Threat actors are just starting the deployment of a Trojan with archetypal file-locking features, although the threat in question, the WannabeHappy Ransomware, also appears to be attacking some removable drive types in addition to local ones. While previous file-locker Trojans could have been configured to include such drives with ease, the majority of them omit the feature. The choice may be purely a whim of the new Trojan's administrators, but it may also mean that the WannabeHappy Ransomware is trying to target systems that are more likely to use such storage options.

Malware experts have caught no direct samples of the WannabeHappy Ransomware in circulation through the usual exploits, such as fake e-mail attachments, and the Trojan shows no characteristics that would allow it to distribute itself automatically (as a worm or virus would). However, its file-locking feature, which is based on harmful data encryption, is working as intended. The Trojan may or may not be making changes to the names of any files it enciphers and locks, such as adding another extension to them.

The WannabeHappy Ransomware finalizes its attacks by launching an HTA pop-up that uses a template currently popular with a variety of Trojan families. The window shows a live countdown, general encryption warnings, a list of what files the WannabeHappy Ransomware is blocking, and embedded ransom-collecting and decrypting features. The WannabeHappy Ransomware's authors are demanding five hundred dollars in Bitcoins before providing the key for decoding the victim's files, which the WannabeHappy Ransomware uploads to their server beforehand.
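The sequence described above (files locked on local and removable drives, then an HTA window) can be checked for in endpoint telemetry, since Windows runs HTA files through mshta.exe. The following Python example is added here and is not code from the original article or from any vendor; the event field names, the sample events, the file names, the drive letter treated as removable and the thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

def hta_after_write_burst(events, removable=frozenset("E"),
                          window=timedelta(minutes=5), min_files=5):
    """Flag mshta.exe launches of an .hta file whose parent process wrote at
    least min_files files within the preceding window; report drives touched."""
    writes = {}   # pid -> [(timestamp, path), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "file_write":
            writes.setdefault(ev["pid"], []).append((ts, ev["path"]))
        elif ev["type"] == "process_create":
            is_hta = (basename(ev["image"]).lower() == "mshta.exe"
                      and ".hta" in ev["cmdline"].lower())
            recent = [p for t, p in writes.get(ev["ppid"], []) if ts - t <= window]
            if is_hta and len(recent) >= min_files:
                drives = {p[0].upper() for p in recent}
                alerts.append({"pid": ev["ppid"], "files": len(recent),
                               "drives": sorted(drives),
                               "removable_hit": bool(drives & removable)})
    return alerts

def _w(sec, pid, path):
    # Helper for building constructed file-write events (hypothetical schema).
    return {"ts": f"2017-10-27T10:00:{sec:02d}", "type": "file_write",
            "pid": pid, "path": path}

# Constructed sample events, not real telemetry.
SAMPLE = (
    [_w(i, 4120, rf"C:\Users\a\Documents\report{i}.docx") for i in range(4)]
    + [_w(4 + i, 4120, rf"E:\photos\img{i}.jpg") for i in range(3)]
    # Busy but benign: a backup job writes many files and no HTA follows.
    + [_w(i, 900, rf"D:\backup\chunk{i}.bin") for i in range(8)]
    + [{"ts": "2017-10-27T10:00:09", "type": "process_create", "ppid": 4120,
        "image": r"C:\Windows\System32\mshta.exe",
        "cmdline": r'mshta.exe "C:\Users\a\AppData\Local\Temp\note.hta"'},
       # An HTA launch whose parent wrote no files is not flagged.
       {"ts": "2017-10-27T10:00:10", "type": "process_create", "ppid": 3000,
        "image": r"C:\Windows\System32\mshta.exe",
        "cmdline": r'mshta.exe "C:\Program Files\Vendor\help.hta"'}]
)

if __name__ == "__main__":
    for alert in hta_after_write_burst(SAMPLE):
        print(alert)
```

The set of removable drive letters has to come from the host's own inventory, and the write threshold should be tuned against legitimate bulk writers such as backup or sync clients.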

Real Happiness without Wanna-Be's Suggestions

Although the WannabeHappy Ransomware searches over more drives than usual for content to encode and gives an unusual 'thank you' for using it, almost all of its other characteristics are generic, and one can see similar attacks and features from Hidden Tear, EDA2, or the Globe Ransomware, for example. Malware experts are recommending that users be particularly alert to infection vectors including e-mail attachments, website scripts, and vulnerable network logins. Appropriate security practices and software can provide various forms of protection from all of the above.

Paying the Bitcoin ransom that this Trojan requires should be avoided, especially since the WannabeHappy Ransomware is compatible with current decryption solutions on offer by the AV community. Victims can contact reputable anti-malware researchers with experience in file-locking threats for assistance with decoding their files. Alternatively, any users with backups can restore their work through them after uninstalling the WannabeHappy Ransomware with a quality anti-malware product.

Threat actors are more than happy to lie about how easy it may or may not be to recover from their attacks when money is on the line. While reading messages from the WannabeHappy Ransomware and Trojans like it, any victims should be careful and remember the context in which these pop-ups are taking place.
