WannaSmile Ransomware Description
The WannaSmile Ransomware is a new version of the zCrypt Ransomware, a Trojan family that hides its file-locking attacks behind a fake Windows error. Similarly to most file-locking Trojans, the WannaSmile Ransomware also creates symptoms corresponding to demands for payment to unlock your media, which it does by ransoming the decryption software for Bitcoins. Besides advocating the protection provided by backing your files up to safe locations, malware experts only can encourage removing the WannaSmile Ransomware as quickly as possible with an appropriate anti-malware product.
The Smile that Will Cost You a Fortune
The relatively non-publicized zCrypt Ransomware, a Trojan identified from its attacks against Russian businesses previously, appears to be branching out into a new version. This secondary build is one that malware experts can confirm as creating messages implying attempted attacks against Iranians, although many of its components also include English content. Ultimately, regardless of the region under attack, the new the WannaSmile Ransomware's goals still are to block the files of its victims before forcing payments of Bitcoins from them.
Although malware researchers can't yet corroborate whether or not the WannaSmile Ransomware still uses zCrypt Ransomware's original tactic of hiding its payload behind fake CD-DVD drive errors, the Trojan does include the same style of file-locking attack. This feature encrypts different files on the infected PC using an AES algorithm and, then, obfuscates the process behind a second, RSA-based cipher. The WannaSmile Ransomware's threat actors are providing the new '.WSmile' extension to any affected content (for instance: 'document.doc.WSmile') instead of the family's original one.
Most of the WannaSmile Ransomware's files use English names, but the ransoming message it drops after blocking the user's media is in Iranian Persian. The most unusual detail of this note is its demand for an incredibly high payment of twenty Bitcoins for the file-unlocking solution, with an additional increase of one Bitcoin per day past a five-day time limit. This number makes the WannaSmile Ransomware one of the most costly of file-locking threats of all time, with accompanying implications that the threat actors are targeting multinational corporations or spent no time researching their cryptocurrency valuations.
Taking the Smile Off an Iranian Trojan
The zCrypt Ransomware family comes with some default features that could assist with the ransom-tracking process and a possible decryption routine, but paying a cybercrook's fee for file-unlocking services always is risky. The hundreds of thousands of dollars in Bitcoins that the WannaSmile Ransomware requests may not come with a matching decryption response from the threat actor, and malware experts, additionally, discourage rewarding cybercrooks for breaking the law. Backing up your media to a protected device always is the best protection against a file-locking threat of any type.
File-locking Trojans may come attached to spam e-mail campaigns, but the lesser-used infection vectors range from Web-browsing exploit kits to inaccurately named torrents. Some cybercrooks also prefer to attack specific companies or government networks by manual methods, which requires prevention through responsible password management by the users. Three out of four AV brands are identifying this threat appropriately, and deleting the WannaSmile Ransomware with a competent anti-malware program is highly advisable for minimizing any damage to your files.
This branch may or may not be the last that malware analysts see of the WannaSmile Ransomware and the rest of zCrypt Ransomware's family. Whether its line ends here or continues to sprout derivatives, it exemplifies how national boundaries can't protect any PC user from efforts to turn their files into bargaining chips.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to WannaSmile Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.