WhyCry Ransomware

Posted: June 14, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 99
First Seen: June 14, 2017
OS(es) Affected: Windows

The WhyCry Ransomware is a Trojan that uses encryption to keep you from opening media such as documents, spreadsheets, or pictures until you pay its fee. Although currently buggy, the WhyCry Ransomware is a potential hazard to any files without backups, and malware experts recommend blocking this threat with appropriate security protocols. If you overlook its installation, some anti-malware programs can uninstall the WhyCry Ransomware, and free decryptors can help you unlock the files.

A New Answer to Why You Might Be Crying at Your Keyboard

FTSCoder isn't the most important family of file-encoding threats, even for this month alone. However, threat actors with no talent or enthusiasm for programming more secure Trojans still use it, a trend appearing in the campaigns of the Haters Ransomware, the BlackSheep Ransomware, and June's WhyCry Ransomware. Malware researchers identified a sample that seems to be a work in progress, with incomplete user interfaces and various bugs, although the WhyCry Ransomware remains capable of causing data loss.

The WhyCry Ransomware, similarly to most variants of the FTSCoder, targets a relatively short list of formats for holding hostage, such as AVI, DOC, TXT and GIF. It encrypts these files, stopping any programs from opening them, and adds its custom extension of '.whycry' to their names. This encryption routine is asymptomatic and occurs in the background without alerting the user.

The WhyCry Ransomware's additional features include glitches that may generate Windows errors or cause its final pop-up to fail to load as intended. Its threat actors apparently use a fallback ransom note to lock the screens of any victims of the current build; the note includes a request for Bitcoins, a decryption field (for use once you obtain the key), and a variety of inaccurate warnings about the dangers of free decryptors.

Why Cry Over Spoiled Files

Its threat actors may inspire little confidence in their programming skills, but even the current version of the WhyCry Ransomware uses a third-party code base that can damage your files permanently. Free decryptors do exist for the WhyCry Ransomware's family, although victims should back up copies of any locked media before attempting any potentially irreversible solutions. In other circumstances, backups may be the only other resolution method that gives you your content back without risking paying the WhyCry Ransomware's admins.
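The backup step above can be scripted so that every '.whycry' file is copied and hash-verified before a decryptor touches it. The following Python sketch is an added example, not code from this article or from any decryptor vendor; the function name preserve_locked_files and the assumption that the original extension is kept in front of '.whycry' (for example 'report.doc.whycry') are illustrative.

```python
import hashlib
import shutil
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".whycry"  # extension the article says the Trojan adds


def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_locked_files(root: Path, backup: Path):
    """Copy every *.whycry file under root into backup, keeping the layout.

    Returns (manifest, formats): manifest maps relative path -> SHA-256 of
    the verified copy; formats counts the extension found before '.whycry'.
    """
    root, backup = root.resolve(), backup.resolve()
    manifest, formats = {}, Counter()
    for src in sorted(root.rglob("*")):
        # Skip an earlier backup stored under root, symlinks and directories.
        if backup in src.parents or src.is_symlink() or not src.is_file():
            continue
        if src.suffix.lower() != LOCKED_SUFFIX:
            continue
        rel = src.relative_to(root)
        dst = backup / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy only; the locked original is not modified
        digest = sha256(src)
        if sha256(dst) != digest:
            raise IOError(f"backup copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
        # Assumption: the original extension survives, e.g. 'report.doc.whycry'.
        formats[Path(src.stem).suffix.lower() or "(none)"] += 1
    return manifest, formats


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: preserve_whycry.py <scan_root> <backup_dir>")
    found, kinds = preserve_locked_files(Path(sys.argv[1]), Path(sys.argv[2]))
    for name, digest in found.items():
        print(digest, name)
    print(dict(kinds))
```

Keep the printed manifest with the backup: if a decryptor damages a file, the hash confirms that the preserved copy is still the untouched locked version.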

For those who need to regain control over the Windows interface, reboot into Safe Mode or boot directly from a recovery device (such as one attached to any USB port). Although its main installation exploits are under investigation, malware experts expect this threat's campaign to utilize the infection vectors common to threats distributed at random, such as bundling itself with other, free downloads. Just below half of most major brands of AV software may identify this Trojan under various metrics, and you should always use appropriate anti-malware tools for uninstalling the WhyCry Ransomware or detecting it.

Small-time threat actors' misdeeds aren't necessarily smaller in consequences to the people and the computers they harm. Paying con artists like the WhyCry Ransomware's authors for your files is a poor second choice to make up for not minding your security in the past.