WannCrypto V6 Ransomware

The WannCrypto V6 Ransomware is a Trojan that claims that it's encrypting your media to hold it hostage until you pay its Bitcoin ransom. Current versions of this threat display a pop-up message similar to those of the Jigsaw Ransomware, but without any file-locking or erasing functionality. In case the author updates this program for increased attack capabilities, users should have their anti-malware programs quarantine or delete the WannCrypto V6 Ransomware and keep backups for saving their files.

A Trojan with Warnings and Naught Else

A threat actor with little experience, both with programming and the English language, is starting his development of a new file-locker Trojan. While the software under the analysis of malware experts, the WannCrypto V6 Ransomware, has no real cryptography functions, such attacks are likely of being added to its payload over the next few days or weeks. For now, it is mostly demonstrative of how criminals can borrow the user interfaces of other threats, such as the pop-ups of the Jigsaw Ransomware family.

The Jigsaw Ransomware is an unrelated, file-locking Trojan whose most lasting impact on history in its industry is its capability for securely deleting files whenever the PC reboots and once its looping timer reaches zero. The WannCrypto V6 Ransomware uses a similar format of Windows pop-up that includes a countdown element, a button for the 'decryption' or unlocking feature, a second button for the ransom payment, and instructions on sending Bitcoins to the threat actor in return for gaining access to the Trojan's file-unlocking component. While all instructions are in the English language, the extremity of the grammar errors makes it very improbable that the author is a native speaker.

The WannCrypto V6 Ransomware's last build, as malware experts know it, doesn't include any attack features, including concerning the timer. Future releases could have a typical data-locking routine, such as AES encryption that may block Word documents, JPG or BMP pictures, and other content, or other modifications to the user's filenames and the desktop's wallpaper. However, for now, the WannCrypto V6 Ransomware is a Trojan without any capabilities for causing any short or long-term harm to your media.

Relegating the WannCrypto V6 Ransomware to Being a Wannabe

It's not atypical for threat actors to test the detection rates of their Trojans versus the AV industry by uploading new builds with gradual increases in attack features over time. While some Trojans do show pop-ups without any accompanying attacks, a full version of the WannCrypto V6 Ransomware, which its author intends for live operation, is almost certain of including an encryption routine, such as AES-based attacks that malware experts note are freely available in Hidden Tear's source code. Backing up content to other network servers or detachable devices can offer a very reliable way of restoring anything that the WannCrypto V6 Ransomware might lock.

Spam e-mails and brute-force-enabled, RDP attacks are two of the forerunners for file-locker Trojans' infection strategies in 2018. Other methods also might use exploit kits from within your Web browser, or damaged, disguised downloads of file-sharing networks, for infecting Windows PCs. Updating the databases of your anti-malware programs can provide them with improved accuracy for finding and stopping the latest threats, including removing the WannCrypto V6 Ransomware accurately.

The WannCrypto V6 Ransomware is more of a warning of things that may be to come than it is an active and credible danger, currently. On the other hand, how easy it is to throw a pre-made encryption feature into another program makes the WannCrypto V6 Ransomware no less a problem than the live competition in the file-locking Trojan business.