WELL Ransomware
The WELL Ransomware is a strain of a larger ransomware family, known as Dharma Ransomware. The WELL Ransomware behaves more or less like other variants of the Dharma family; the WELL Ransomware encrypts the victim's files and leaves them inaccessible, demanding ransom payment.
Any file encrypted by the WELL Ransomware receives a '.well' extension and has its previous filename modified. In this way, an image named "campfire.jpg" will become "campfire.jpg.id-[victim id].[mewellwisher@protonmail.ch].well."
The WELL Ransomware drops its ransom demand in a file named "FILES ENCRYPTED.tx." The full content of the ransom note is as follows:
'All your data has been locked us
You want to return?
Write email mewellwisher at protonmail dot ch or iamwellwisher at tutanota dot com.
The ransomware will also display a pop-up window, containing the following text to scare its victims into submission:
YOUR FILES ARE ENCRYPTED
Don't worry, you can return all your files!
If you want to restore them, follow this link: email mewellwisher at protonmail dot ch YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:iamwellwisher at tutanota dot com
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The ransom note and the pop-up window never mention the sum of the ransom, but as with all other ransomware strains, there is no guarantee that the victims would get their files back, even if they decided to pay the ransom.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.