WannaDie Ransomware

Posted: November 20, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 12
First Seen: September 8, 2021
OS(es) Affected: Windows

The WannaDie Ransomware is a Trojan that blocks your files and uses visual and text-based delivery methods for its accompanying ransom demands. Note that while the Trojan's symptoms are similar to those of the WannaCryptor Ransomware or the '.wcry File Extension' Ransomware, this program is an unrelated threat that requires a custom unlocking solution. Due to the potential absence of such solutions, malware experts recommend that you protect your computer with a combination of backups and anti-malware products that can delete the WannaDie Ransomware immediately.

A Trojan that's Dying to Meet Your Files

Threat actors are finding more of interest to attack in Russia, and file-locking Trojans such as the BadRabbit Ransomware and the Relock Ransomware are running campaigns that are slightly more distinctive than the routine Hidden Tear fork. Another Trojan of this ilk, the WannaDie Ransomware, has begun imitating a preexisting family, which might help keep its files locked for long enough to force payments from the victims. The WannaDie Ransomware's symptoms are very similar to those of the WannaCryptor Ransomware, including the cosmetic choices in how it negotiates with the user.

Malware researchers are finding both encryption-functional and non-functional variants of the WannaDie Ransomware, which may be the result of the creator testing AV databases at different stages of development. Versions of the WannaDie Ransomware that use working data-encoding attacks can block several formats of files, such as documents, with a still-unknown cipher, and also add '.wndie' extensions to their names.

Without the decryption key that reverses this encoding routine, the media is unusable, although the WannaDie Ransomware's threat actors offer to sell the key to the decryption module. They deliver these ransom demands through an interactive HTA pop-up that also includes a timer (counting down to when the price increases or the threat actor deletes the key) and a Bitcoin address for collecting the payment. Malware experts are identifying only Russian versions of the WannaDie Ransomware's imitative ransom note, although the file-locking feature should work equally well on Windows PCs using other language settings.

Preventing Errant Threats from Making Their Way to Your Media

Although its most detailed instructions are inside the HTA pop-up component, the WannaDie Ransomware also has a handful of other symptoms, including swapping the user's default background and automatically opening a custom-generated Notepad document. While all of these characteristics promote the WannaDie Ransomware's ransom-based decryptor, malware experts sometimes rate these decryption solutions as imperfect or fraudulent. Contact appropriate security researchers for any help you may need with acquiring a free decryption program, or use backups to keep your files out of the reach of the WannaDie Ransomware's attacks.
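Before restoring from backups, it helps to know which folders were hit. The script below is an added example, not part of the original article or any vendor tool: it inventories files carrying the '.wndie' extension named above, and it assumes the extension is appended as the final suffix and that modification times roughly reflect when locking occurred.

```python
import os
from collections import Counter
from datetime import datetime, timezone

MARKER = ".wndie"  # extension the article says is added to locked files


def find_locked_files(root):
    """Walk root; return (path, presumed_original_name, mtime) per marked file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            # Case-insensitive: Windows file systems do not distinguish case.
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            # Assumption: the original name is whatever precedes the marker.
            hits.append((path, name[: -len(MARKER)], mtime))
    return hits


def summarize(hits):
    """Per-directory counts plus the earliest modification time seen."""
    per_dir = Counter(os.path.dirname(p) for p, _orig, _m in hits)
    earliest = min((m for _p, _o, m in hits), default=None)
    return {
        "total": len(hits),
        "per_dir": dict(per_dir),
        "earliest_utc": (
            datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
            if earliest is not None else None
        ),
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    report = summarize(find_locked_files(target))
    print(f"{report['total']} file(s) carrying {MARKER}")
    for d, n in sorted(report["per_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {d}")
    print("earliest modification (UTC):", report["earliest_utc"])
```

The earliest timestamp is only a hint for choosing a backup taken before the infection; the script reads metadata and never modifies or renames files.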

The WannaDie Ransomware campaign has yet to reach a stage of wide distribution against either public or private entities. Infection methods that often help distribute file-locking threats include fake documents and archives attaching themselves to spam e-mails, intentionally misnamed downloads on torrent networks, and the exploit kits that the cybercrooks host on compromised websites. Most methods are preventable with anti-malware programs detecting and deleting the WannaDie Ransomware before any of the symptoms in this article ever occur.

Going by sight with a Trojan infection is sometimes a greased slide towards incorrect conclusions, with more file damage being a common consequence. Users should only take file-locking threats like the WannaDie Ransomware at their word if they don't care whether the solutions they're buying are real or fake.