
Wannacry666 Ransomware

Posted: September 17, 2020

The Wannacry666 Ransomware is a file-locking Trojan that comes from a kit-based family known as the Xorist Ransomware. The Wannacry666 Ransomware can block files of the attacker's preference (usually, digital media like documents, music, pictures or movies) while showing the user its ransom note. Users with backups or free decryption options may restore their files without considering the ransom, and anti-malware programs compatible with Windows will safely remove the Wannacry666 Ransomware.

The Heritage of Past Trojans Lives On

A threat actor makes possibly mocking references to older Trojan history in his new attacks, which use freeware sources to make money from blocking files. The Wannacry666 Ransomware's name comes from the long-known and sensational WannaCryptor Ransomware or WannaCry campaign, but this threat isn't an update. Despite its alias, it's nothing more than another product of the Xorist Ransomware's easily expandable family.

The Wannacry666 Ransomware is part of a small wave of similar Trojans from its family, which uses a no-programming-required tool for generating customized variants. The Xorist Ransomware members for the current year also include the ZoNiSoNaL Ransomware, the TiNx Ransomware, and the YaKo Ransomware, but older cases exist, like the 'avastvirusinfo@yandex.com' Ransomware from 2017. It's compatible with most Windows versions and no other OSes.

The Wannacry666 Ransomware is configurable with either XOR or TEA-based encryption, which it uses for blocking media files throughout the PC's hard drives. The file-locking attack includes an attempt at a ransom with an English text ransom note. A garbled name on the latter implies some string conversion issues with its payload; the Wannacry666 Ransomware may be targeting victims of a particular region with a non-Western alphabet, such as Russia or China.

Data Recovery from Trojans with Less Crying

Although most file-locking Trojans will secure their attacks against third-party intervention, the Xorist Ransomware family is a possible exception to the rule. Victims may find that recovery with free decryption tools is possible. However, malware experts recommend creating copies of the locked files to use for decryption. Users should remember that any superficial name changes, such as the Wannacry666 Ransomware's added extensions and ransoming information, don't alter the encryption responsible for keeping the file from opening.

Because its resources are so readily available to threat actors, predicting infection strategies for the Wannacry666 Ransomware's campaign is necessarily a fallible exercise. Malware researchers frequently trace file-locker Trojan infections to preexisting vulnerabilities and unsafe Web-browsing behavior. Windows users should especially watch for possible tactics associated with e-mail-attached documents, Web-browsing scripted content like JavaScript, and brute-force attacks against login credentials.

Typical anti-malware software is just as valuable as a backup, albeit for different reasons. While such products can't unlock files, they can detect and delete the Wannacry666 Ransomware without issues, as malware experts confirm in current samples.

The Wannacry666 Ransomware might be using the name of WannaCry for sensationalism, but the reality of its code is a low-effort, barely-customized piece of software. Even so, the shoddiest of Trojan clones remain threatening to those who aren't ready for them.
