
Wanna Dead Ransomware

Posted: July 12, 2019

The Wanna Dead Ransomware is a file-locking Trojan built from a publicly-available version of Hidden Tear. Like other members of this family, it can stop files from opening and leaves text-based ransom demands for its unlocking help. Users can keep secure backups of their work as a non-ransom recovery option and use anti-malware services to handle the removal of the Wanna Dead Ransomware.

A Trojan that's not So Dead after All

Hidden Tear and similar free resources for Trojan programming are losing ground as Ransomware-as-a-Service becomes more available and affordable. However, those who value their digital media can't count Hidden Tear (HT) out yet, as malware experts continue to confirm new builds of the file-locking Trojan. The Wanna Dead Ransomware is one of the most recent, following in the footsteps of relatives such as the BulbaCrypt Ransomware, the CROWN Ransomware, the FORMA Ransomware and the Marozka Ransomware.

The Wanna Dead Ransomware is a straightforward rebranding of Utku Sen's original Hidden Tear project and continues to use AES-based encryption to block files, including documents, spreadsheets, archives and images. However, the unknown author does include several additions, the most visible of which is the new ransom note. This text is copied from old campaigns and uses an English-language warning to solicit a four-hundred-dollar ransom paid to a Bitcoin wallet. The wallet is in use, although malware experts haven't received confirmation of in-the-wild infections.

A less obvious but more important addition is the file-locking Trojan's geolocational filter. The Wanna Dead Ransomware checks the system language to avoid attacking Persian-speaking users and so avoids targeting Iranians. Historically in the Trojan industry, such checks usually reflect the criminal's wish to stay off the radar of local authorities, such as the police. Windows machines anywhere else in the world, however, are at risk.

Back to the Deathbed with a Senior Trojan

The Wanna Dead Ransomware uses a fairly generic 'locked' extension to mark the content it's holding hostage, which raises the risk of victims applying a decryptor meant for a different family. Malware experts recommend keeping copies of the locked files before performing any potentially irreversible recovery attempts and avoiding the Bitcoin payment where possible. An off-site backup is the appropriate safeguard against all file-locking Trojans; beyond that, the Wanna Dead Ransomware's family has traditionally used an insecure implementation of its encryption.

Too few samples are available to narrow down the infection strategies that the Wanna Dead Ransomware might be using. Many file-locking Trojans rely on social engineering, such as posing as game cracks on torrent sites or as software updates, to convince a user into opening their installers. Others infect a server after the administrator chooses a brute-forcible password or leaves RDP exposed to the public internet.
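The RDP scenario in the paragraph above leaves a trace that defenders can look for: a burst of failed remote-interactive logons from one address, often followed by a success. The script below is an added example for this page, not code from the article or from any vendor product. It parses constructed, simplified log lines (the `EventID=4625 LogonType=10` fields mirror the Windows Security log's failed-logon event and the RemoteInteractive logon type; the line format, addresses and user names are invented for the example).

```python
"""Flag RDP password guessing in exported Windows Security events.

Added example, not from the original article. Each input line is a
constructed, simplified rendering of a logon event:
    <ISO-8601 time> EventID=<id> LogonType=<n> User=<name> Source=<ip>
Event 4625 is a failed logon, 4624 a successful one; logon type 10 is
RemoteInteractive, i.e. RDP. A source address with THRESHOLD or more
failures inside WINDOW is reported, together with the accounts it tried
and whether a success from the same address followed the burst.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\S+) EventID=(\d+) LogonType=(\d+) User=(\S+) Source=(\S+)$"
)

# Constructed sample export: one guessing burst, one benign pair of typos,
# and the success that tells you the burst worked.
SAMPLE_LOG = """
2019-07-12T10:00:01 EventID=4625 LogonType=10 User=admin Source=203.0.113.45
2019-07-12T10:00:09 EventID=4625 LogonType=10 User=Administrator Source=203.0.113.45
2019-07-12T10:00:20 EventID=4625 LogonType=10 User=admin Source=203.0.113.45
2019-07-12T10:00:41 EventID=4625 LogonType=10 User=root Source=203.0.113.45
2019-07-12T10:01:03 EventID=4625 LogonType=10 User=guest Source=203.0.113.45
2019-07-12T10:01:30 EventID=4625 LogonType=10 User=sysadmin Source=203.0.113.45
2019-07-12T10:02:00 EventID=4624 LogonType=10 User=Administrator Source=203.0.113.45
2019-07-12T09:00:00 EventID=4625 LogonType=10 User=jdoe Source=198.51.100.7
2019-07-12T11:00:00 EventID=4625 LogonType=10 User=jdoe Source=198.51.100.7
2019-07-12T11:00:30 EventID=4624 LogonType=10 User=jdoe Source=198.51.100.7
"""


def parse_event(line: str):
    """Return a dict for a well-formed line, or None for anything else."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    when, event_id, logon_type, user, source = match.groups()
    return {
        "time": datetime.fromisoformat(when),
        "event_id": int(event_id),
        "logon_type": int(logon_type),
        "user": user,
        "source": source,
    }


def find_bruteforce(lines, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> dict:
    """Sliding-window count of RDP failures per source address."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if not event or event["logon_type"] != 10:
            continue
        if event["event_id"] == 4625:
            failures[event["source"]].append((event["time"], event["user"]))
        elif event["event_id"] == 4624:
            successes[event["source"]].append(event["time"])

    alerts = {}
    for source, events in failures.items():
        events.sort()
        best, right = 0, 0
        for left in range(len(events)):
            # Advance the right edge while the window still covers events[left].
            while right < len(events) and events[right][0] - events[left][0] <= window:
                right += 1
            best = max(best, right - left)
        if best >= threshold:
            last_failure = events[-1][0]
            alerts[source] = {
                "attempts_in_window": best,
                "users_tried": sorted({user for _, user in events}),
                "followed_by_success": any(t > last_failure for t in successes[source]),
            }
    return alerts


if __name__ == "__main__":
    for source, detail in find_bruteforce(SAMPLE_LOG.strip().splitlines()).items():
        print(source, detail)
```

A `followed_by_success` of `True` is the case to escalate first: it means the guessing stopped because a password worked, which is exactly the server-side entry point the paragraph describes.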

Anti-malware products from nearly every vendor can delete most versions of Hidden Tear before the locking attack occurs. When removing the Wanna Dead Ransomware, users should consider quarantining samples of the relevant files for analysis by interested researchers, since decryption often requires case-by-case research.

The Wanna Dead Ransomware is lively for a Trojan with its name. More importantly, its habit of taking geography into account makes nationality a factor in digital extortion that many users might not be considering.
