WannaCash Ransomware

WannaCash Ransomware Description

The WannaCash Ransomware is a Russian file-locking Trojan that uses AES-256 encryption to block media such as Word documents. Besides locking your work, the WannaCash Ransomware may also cover the screen with its pop-up and interfere with your access to the Windows interface. Use anti-malware products to delete the WannaCash Ransomware or protect your PC from infection, and use backups or free decryption solutions for any media recovery.

A Trojan that's Taking Over Monitors and Files Alike

Russian file-locking campaigns like those of the thoroughly-analyzed Scarab Ransomware family, the lesser-known JabaCrypter Ransomware, or the WinRAR-abusing RaRuCrypt Ransomware are acquiring more competition. The newest Trojan leveraging encryption for blocking files and extorting money, the WannaCash Ransomware, has no history with any of the above threats. However, it delivers both data-locking attacks and other features that impede the security and accessibility of the compromised computer.

Malware experts are connecting all distribution attempts for the WannaCash Ransomware to illegal gaming cracks, such as key generators and databases, that its victims may encounter on corrupted websites or over a file-sharing network. The installation routine shows fake key-registration entries before restarting the computer, which lets the WannaCash Ransomware launch its file-locking attack. This Trojan uses AES-256 in CBC mode for its encryption routine and, unlike most of its competition, prepends an 'encrypted' string and parentheses instead of appending an extension. For instance, 'picture.jpg' becomes 'encrypted (picture.jpg)'.
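The renaming scheme described above gives responders a simple triage check. The following Python code is an added example, not code from the original article or from any vendor tool; the function names, the signature table and the sample files are assumptions constructed for illustration. It finds files named 'encrypted (<name>)' and compares their first bytes with the signature expected for the original extension.

```python
import re
import tempfile
from pathlib import Path

# Naming scheme from the article: 'picture.jpg' -> 'encrypted (picture.jpg)'
RENAMED = re.compile(r"^encrypted \((?P<original>.+)\)$")
# Well-known signatures, to tell a rename from content that actually changed.
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".pdf": b"%PDF-", ".docx": b"PK\x03\x04"}


def original_name(filename):
    """Return the pre-infection name if filename follows the scheme, else None."""
    m = RENAMED.match(filename)
    return m.group("original") if m else None


def triage(root):
    """Return {relative path: (original name, verdict)} for matching files."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        orig = original_name(path.name) if path.is_file() else None
        if orig is None:
            continue
        sig = MAGIC.get(Path(orig).suffix.lower())
        if sig is None:
            verdict = "unknown-type"
        else:
            with path.open("rb") as fh:
                intact = fh.read(len(sig)) == sig
            # Intact header: name matches the scheme, content still looks valid.
            verdict = "header-intact" if intact else "content-mismatch"
        findings[path.relative_to(root).as_posix()] = (orig, verdict)
    return findings


def demo():
    """Triage a constructed sample tree (made-up bytes, not real malware output)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "encrypted (picture.jpg)").write_bytes(bytes(range(32)))
        (root / "docs" / "encrypted (report.pdf)").write_bytes(b"%PDF-1.4\n")
        (root / "docs" / "encrypted (notes.txt)").write_bytes(b"\x91\x02\x7f")
        (root / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0")
        return triage(root)


if __name__ == "__main__":
    print(demo())
```

Files reported as 'content-mismatch' are the candidates for a decryption tool or a restore from backup; the recovered original name tells you which backup copy to look for.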

The WannaCash Ransomware also loads a pop-up that blocks the desktop and, at the same time, confines the mouse cursor's movement to this window. Besides being in Russian, most of the ransoming instructions in the three tabs of this pop-up are ordinary, except for a Yandex-based payment for restoring your files. Since the WannaCash Ransomware's encryption is non-secure and other PC security researchers are already offering free decryption help, paying the Ruble fee is not an act that malware experts can endorse.

The Cash Grab that Got Ahead of Itself

Besides any file recovery issues, the WannaCash Ransomware's ransoming method also includes a significant oversight: Yandex payments could help the authorities trace the identity of the threat actor. The price of data unlocking, under one hundred USD, further implies that the WannaCash Ransomware's authors have minimal experience managing file-locking Trojans and are targeting equally inexperienced PC users, such as teenagers looking for free games. The Trojan hasn't been seen operating with payload adjustments using non-Russian ransoming components.

As noted earlier, decryption of files locked by the WannaCash Ransomware is free. However, its author could change the encryption routine at a later date, and updating your external backups is a highly recommended solution for all Trojans with file-locking payloads. Professional anti-malware protection may block known, unsafe websites or associated content (such as a drive-by-download JavaScript exploit), or detect the Trojan's installer inside a download, when appropriate. Any users who need to restore access to Windows should reboot with a recovery device or use Safe Mode before uninstalling the WannaCash Ransomware with a trusted security program.

The WannaCash Ransomware's campaign may be destined for brevity, or not. Even if its author suffers imprisonment, the Trojan can continue circulating online and pose a potential danger to anyone who forgets to take care of their files.


Posted: July 30, 2018