Wanna Dead Ransomware

Wanna Dead Ransomware Description

The Wanna Dead Ransomware is a file-locking Trojan whose code is from a publicly-known version of Hidden Tear. The Wanna Dead Ransomware can, like other members of this family, stop files from opening and leave text-based demands for ransoms for its unlocking aid. Users can back work up somewhere secure for a non-ransom solution and use anti-malware services for managing the removal of the Wanna Dead Ransomware.

A Trojan that's not So Dead after All

Hidden Tear and similarly-free resources for Trojan programming are experiencing a devaluation in the face of Ransomware-as-a-Service's increasing availability and affordability. However, those who value their digital media can't count HT out, yet, as malware experts reaffirm the ongoing creation of new builds of the file-locking Trojan. The Wanna Dead Ransomware is one of the most recent, following after the familial footsteps of the BulbaCrypt Ransomware, the CROWN Ransomware, the FORMA Ransomware or the Marozka Ransomware.

The Wanna Dead Ransomware is a straightforward renaming of Utku Sen's original Hidden Tear project and continues using AES-based encryption as a way of blocking files, including documents, spreadsheets, archives or images. However, the unknown author does include several additions, the most visible of which is the new ransom note. This text is a copy from old campaigns and uses an English warning for soliciting four-hundred-dollar ransoms to a Bitcoin wallet. The wallet is in use, although malware experts haven't received confirmation of wild infections.

A less self-evident, but more important feature is the file-locking Trojan's additional, geolocational filters. The Wanna Dead Ransomware uses a system language checker for avoiding attacks against Persian-speaking users and eschews targeting Iranians. In the history of the Trojan industry, such considerations, generally, relate to the criminal's desire for ducking the interest of local authorities, such as the police. Windows machines anywhere else in the world, however, are at risk.

Back to the Deathbed with a Senior Trojan

The Wanna Dead Ransomware is using a fairly-generic 'locked' extension for showing what content it's holding hostage, which raises the risk of victims using an inappropriate decryptor. Malware experts recommend keeping copies of such files before performing any potentially-irreversible recovery attempts and avoiding the Bitcoin payments, if possible. The usefulness of a non-locally-saved backup is appropriate for all file-locking Trojans, however, and the Wanna Dead Ransomware's family, traditionally, uses a non-secure version of encryption.

Insufficient samples are available for narrowing down the infection strategies that the Wanna Dead Ransomware might be using. Many file-locking Trojans abuse social engineering tricks, such as hiding as game crack torrents or updates, for convincing a user into opening their installers. Others may infect a server after the administrator uses a brute-forcible password or leaves RDP available to the public.

Anti-malware products of nearly every brand can delete most versions of Hidden Tear before the locking attacks occur. When removing the Wanna Dead Ransomware, users should consider quarantining samples of the relevant files for analysis by interested researchers, since decryption, often, requires case-by-case research.

The Wanna Dead Ransomware is lively, for a Trojan with its name. More pertinently, its penchant for taking geography into account makes nationality into a factor in digital extortion that many users might not be taking into consideration.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Wanna Dead Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: July 12, 2019
Home Malware Programs Ransomware Wanna Dead Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.