
WANNACASH NCOV Ransomware

Posted: April 3, 2020

The WANNACASH NCOV Ransomware is a file-locking Trojan that preferentially targets Russian-speaking PC users. The WANNACASH NCOV Ransomware extorts ransoms by blocking digital media so that it cannot be opened. Users can always protect their work by backing it up safely and removing the WANNACASH NCOV Ransomware.

An Often-Overlooked Downside to Software Piracy

In 2018, the little-heard-of WannaCash Ransomware campaign was most notable for its visual flair, its geographical spread, and the software-theft theme of its installation exploits. Years later, a variant of the file-locker Trojan, the WANNACASH NCOV Ransomware, is showing all of the same proclivities, but with updates for 2020. Besides being a problem for users without backup schedules, it also shines a light on the risks of collecting property, even if it's digital.

The WANNACASH NCOV Ransomware is gaining entry to vulnerable Windows PCs by luring victims with fake software activation tools. These executables, presumably downloaded through torrents or 'warez' websites, install the Trojan instead of the intended piracy utility. The WANNACASH NCOV Ransomware then proceeds with an updated version of all of the attacks in the past WannaCash Ransomware's payload, such as:

  • The Trojan blocks digital media (documents, pictures, etc.) by encrypting their internal data. The WANNACASH NCOV Ransomware also flags their names with a lengthy string that includes a Russian warning, the criminal's e-mail, the Trojan's name, and a serial number. Note that even though the latter resembles the tag for a software version, the WANNACASH NCOV Ransomware changes it per file.
  • Like the WannaCash Ransomware, this update of the program can block the UI with pop-ups that carry part of its ransom instructions. However, more comprehensive instructions are in a separate text file.
  • The Trojan also changes the wallpaper to a much shorter version of its ransom demands.

It would be highly unusual for threat actors to re-purpose a Trojan as old as the WannaCash Ransomware without re-securing its encryption routine. However, malware analysts have yet to look at the Trojan's cryptography and can only recommend the traditional means of recovery: having a backup on another device that's not available to the Trojan.

Cash for One Russian Criminal is Poverty for Another

The WANNACASH NCOV Ransomware's payload retains the regional focus that is so characteristic of the WannaCash Ransomware, the Scarab Ransomware, or the Pottieq Ransomware, all examples of Trojans targeting Russians. With all of its text-based features incorporating Cyrillic, there can be little doubt as to what portion of the world the WANNACASH NCOV Ransomware's campaign is targeting. Malware experts can confirm that even the fake activator scheme anticipates Russian speakers as the downloading users.

Despite these details, the WANNACASH NCOV Ransomware could lock files on any user's computer, regardless of their country of residence or language settings. However, Russian Web surfers should take extra care to avoid illicit download resources, game cracks, activators, and other content that breaches widely-recognized IP laws. Popular movies, music, work productivity programs, and games are probable themes for the WANNACASH NCOV Ransomware's tactics.

Users could create copies of any blocked files for testing with previous WannaCash Ransomware decryptors. More usefully, they can also delete the WANNACASH NCOV Ransomware with a powerful anti-malware tool before restoring from their last backup, and should always disregard demands for ransoms.

The WANNACASH NCOV Ransomware is an unexpected fresh beginning for a Trojan whose creaky origins scarcely competed with the 'big players'. For those with slipshod downloading habits, though, the difference might be moot, since encrypted files are just as troublesome whether the program responsible is amateurish or highly professional.
