
WECANHELP Ransomware

Posted: August 12, 2019

The WECANHELP Ransomware is a file-locking Trojan deriving from the Cry36 Ransomware branch of the Crypton Ransomware family. Since an attack can damage large numbers of files on your computer, including widely-used formats, you should keep at least one external backup for countering the side effects. Most anti-malware programs can provide further protection by deleting the WECANHELP Ransomware as they identify it.

The Crypton Ransomware is Turning on Again

The minor family of file-locking Trojans, Crypton Ransomware (also typed as CryptON), is growing slightly with a new child targeting unknown users through still-unascertained exploits. This variant of the family, the WECANHELP Ransomware, uses AES encryption for locking content and sells the unlocker afterward. However, it doesn't state an opening 'fee' in Bitcoins or anything else, which leaves the threat actor maximum room for negotiating.

The WECANHELP Ransomware's family only has a handful of members, including the Nemesis Ransomware and the YOUR_LAST_CHANCE Ransomware. A crucial detail about its file-locking routine is that it attacks lesser-used formats like DAT files, as well as traditional media. Its scanning locations are similarly broad and include areas like sub-directories of Program Files. This aspect of the WECANHELP Ransomware's payload makes it capable of breaking other installed programs on your computer.

The WECANHELP Ransomware is Windows-based and, in many other respects, similar to the majority of file-locking Trojans of the past. Both ID numbers and the 'WECANHELP' string it injects into filenames will simplify the process of identifying what content is under encryption. Once a file is encrypted, it can't open until it goes through a compatible decryptor. The WECANHELP Ransomware also keeps some distinctive aspects of the family's messages, including multiple, redundant e-mail addresses and Jabber support.

Helping Your Files Out of an Extortion Situation

The WECANHELP Ransomware includes scant information in its ransom note and doesn't specify a price or currency. It also leaves unmentioned the fact that past versions of Crypton Ransomware, its ancestor, are decryptable by third parties, in some circumstances. Victims can check with experienced cyber-security specialists for estimates on free decryption, or they can retrieve their files through backups.

Currently, malware researchers see a strong likelihood that the WECANHELP Ransomware's campaign is using Remote Desktop-based infection vectors. RDP attacks involve a prior compromise of the PC by e-mail or brute-forcing weak logins, after which the attacker can launch the Trojan. These strategies can be opportunity-based attempts at picking off random, unsecured targets or organized attempts at breaching wealthy corporate infrastructure.
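
One way to look for the RDP brute-forcing described above in Windows logon data, as an added example that is not part of the original article: it flags a source with a burst of failed logons and records when an RDP logon from that source then succeeds. The event records are constructed, and the threshold and time window are assumed values to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the original article), shaped like fields
# exported from the Windows Security log: 4625 = failed logon, 4624 = success.
# Logon type 10 is RemoteInteractive (RDP); with NLA, failures appear as type 3.
SAMPLE_EVENTS = [
    ("2019-08-10T02:00:%02d" % s, 4625, 3, "203.0.113.7", "administrator")
    for s in range(0, 40, 2)
] + [
    ("2019-08-10T02:01:05", 4624, 10, "203.0.113.7", "administrator"),
    ("2019-08-10T09:15:00", 4625, 10, "198.51.100.20", "jsmith"),
    ("2019-08-10T09:15:30", 4624, 10, "198.51.100.20", "jsmith"),
]

def find_rdp_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed logons inside the window and
    note the account if an RDP logon from that source then succeeds.
    threshold and window are assumed defaults, not values from the article."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = {}                     # src_ip -> alert record
    for ts, event_id, logon_type, src, user in sorted(events):
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures that aged out of the window
        if event_id == 4625 and logon_type in (3, 10):
            recent.append(when)
            if src in alerts:
                alerts[src]["failures"] += 1
            elif len(recent) >= threshold:
                alerts[src] = {"src": src, "first_seen": recent[0],
                               "failures": len(recent), "compromised_user": None}
        elif event_id == 4624 and logon_type == 10 and src in alerts:
            # A success while the failure burst is still in the window:
            # treat the account as guessed and start incident response.
            if recent and alerts[src]["compromised_user"] is None:
                alerts[src]["compromised_user"] = user
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A single mistyped password followed by a normal logon, like the second source in the sample, stays below the threshold and raises no alert.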

Always use Windows-compatible anti-malware tools for uninstalling the WECANHELP Ransomware before recovering your media through any appropriate means.

The WECANHELP Ransomware offers help, but it's a poisoned provision for anyone who takes it. Paying criminals for their assistance in undoing what they caused to happen is, too often, just falling into a long con.
