WannaCash Ransomware Description
The WannaCash Ransomware is a Russian file-locking Trojan that uses AES-256 encryption to block media, such as Word documents. Besides locking your work, the WannaCash Ransomware may also cover the screen with its pop-up and interfere with your access to the Windows interface. Use anti-malware products to delete the WannaCash Ransomware or protect your PC from infection, and backups or free decryption solutions for any media recovery.
A Trojan that's Taking Over Monitors and Files Alike
Russian file-locking campaigns like those of the thoroughly-analyzed Scarab Ransomware family, the lesser-known JabaCrypter Ransomware, or the WinRAR-abusing RaRuCrypt Ransomware are acquiring more competition. The newest Trojan leveraging encryption for blocking files and extorting money, the WannaCash Ransomware, has no history with any of the above threats. However, it delivers both data-locking attacks and other features that impede the security and accessibility of the compromised computer.
Malware experts are connecting all distribution attempts for the WannaCash Ransomware to illegal gaming cracks, such as key generators and databases, that its victims may encounter on corrupted websites or over a file-sharing network. The installation routine includes showing fake key-registration entries before restarting the computer, which lets the WannaCash Ransomware launch its file-locking attack. This Trojan uses AES-256 in CBC mode for its encryption routine and, unlike most of its competition, prepends an 'encrypted' string and parentheses instead of appending an extension – for instance, 'picture.jpg' becomes 'encrypted (picture.jpg)'.
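The rename pattern described above can serve as a triage indicator. The following is an added example, not code from the original article or from any vendor tool: it sweeps a directory tree for names of the form 'encrypted (name)', recovers the original name, and uses a byte-entropy check to separate ciphertext-like files from benign look-alikes. The function names, the 7.0 bits/byte threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import re
import tempfile
from collections import Counter

# Rename pattern from the description: 'picture.jpg' -> 'encrypted (picture.jpg)'.
# Greedy match keeps inner parentheses, e.g. 'encrypted (scan (1).pdf)'.
RENAMED = re.compile(r"^encrypted \((.+)\)$")
ENTROPY_MIN = 7.0  # assumption: bits/byte threshold for "looks like ciphertext"

def original_name(filename):
    """Return the pre-infection name, or None if the pattern does not match."""
    m = RENAMED.match(filename)
    return m.group(1) if m else None

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root, sample=4096):
    """Walk root; yield (path, original_name, looks_encrypted) per pattern hit."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            yield path, orig, entropy(head) >= ENTROPY_MIN

def demo():
    """Constructed sample tree: two ciphertext-like hits, one benign look-alike."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"encrypted (picture.jpg)": os.urandom(4096),
                   "encrypted (scan (1).pdf)": os.urandom(4096),
                   "encrypted (notes.txt)": b"plain text, user-named file\n" * 50,
                   "report.docx": os.urandom(4096)}
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return sorted((orig, hit) for _p, orig, hit in triage(root))
```

Compressed formats such as JPEG or ZIP are also high-entropy, so the entropy flag only rules out low-entropy look-alikes; treat a hit as a lead to confirm, not as proof of encryption.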
The WannaCash Ransomware also loads a pop-up that blocks the desktop while simultaneously confining the mouse cursor's movement to this window. Besides being in Russian, most of the ransoming instructions in the three tabs of this pop-up are ordinary, except for a Yandex-based payment for restoring your files. Since the WannaCash Ransomware's encryption is non-secure and other PC security researchers are already offering free decryption help, paying the Ruble fee is not an act that malware experts can endorse.
The Cash Grab that Got Ahead of Itself
Besides any file recovery issues, the WannaCash Ransomware's ransoming method also includes a significant oversight: Yandex payments could help the authorities trace the identity of the threat actor. The sub-one hundred USD price of data unlocking further implies that the WannaCash Ransomware's authors have a minimum of experience at managing file-locking Trojans and are targeting equally inexperienced PC users, such as teenagers looking for free games. The Trojan hasn't been seen operating with payload adjustments using non-Russian ransoming components.
The WannaCash Ransomware's campaign may be destined for brevity, or not. Even if its author suffers imprisonment, the Trojan can continue circulating online and pose a potential danger to anyone who forgets to take care of their files.