WhyCry Ransomware
Posted: June 14, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 99 |
| First Seen: | June 14, 2017 |
| OS(es) Affected: | Windows |
The WhyCry Ransomware is a Trojan that uses encryption to keep you from opening media such as documents, spreadsheets, or pictures until you pay its fee. Although the current build is buggy, the WhyCry Ransomware is a potential hazard to any files without backups, and malware experts recommend blocking this threat with appropriate security protocols. If you overlook its installation, some anti-malware programs can uninstall the WhyCry Ransomware, and free decryptors can help you unlock the files.
A New Answer to Why You Might Be Crying at Your Keyboard
FTSCoder isn't the most important family of file-encoding threats, even for this month alone. However, it is still being used by threat actors with no talent or enthusiasm for programming more secure Trojans, a trend appearing in the campaigns of the Haters Ransomware, the BlackSheep Ransomware, and June's WhyCry Ransomware. Malware researchers identified a sample that seems to be a work in progress, with incomplete user interfaces and various bugs, although the WhyCry Ransomware remains capable of causing data loss.
The WhyCry Ransomware, similarly to most variants of the FTSCoder, targets a relatively short list of formats for holding hostage, such as AVI, DOC, TXT and GIF. It encrypts these files, stopping any programs from opening them, and adds its custom extension of '.whycry' to their names. This encryption routine is asymptomatic and occurs in the background without alerting the user.
The WhyCry Ransomware's additional features include glitches that may generate Windows errors or cause its final pop-up to fail to load as intended. Its threat actors apparently are using a fallback ransom note to lock the screens of any victims of the current build. The note includes a request for Bitcoins, a decryption field (for use once you obtain the key), and a variety of inaccurate warnings about the dangers of free decryptors.
Why Cry Over Spoiled Files
Its threat actors may inspire little confidence in their programming skills, but even the current version of the WhyCry Ransomware uses a third-party basis of code that can damage your files permanently. Free decryptors do exist for the WhyCry Ransomware's family, although victims should back up copies of any locked media before attempting any potentially irreversible solutions. In other circumstances, backups may be the only other resolution method that gives you your content back without risking paying the WhyCry Ransomware's admins.
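One way to take the recommended copies of locked media before running a decryptor, shown as an added example that is not part of the original article or any vendor tool. It assumes '.whycry' is appended after the original extension (for example, report.doc.whycry); the function names and the sample file tree are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".whycry"  # extension the article says is added to locked files

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def backup_locked_files(root, dest):
    """Copy every locked file under root into dest, keeping relative paths.

    Returns a manifest of (relative path, original format, sha256) so the
    copies can be checked later, whatever a decryptor does to the originals.
    """
    root, dest = Path(root).resolve(), Path(dest).resolve()
    manifest = []
    for src in sorted(root.rglob("*")):
        if not src.is_file() or src.suffix.lower() != LOCKED_SUFFIX:
            continue
        if dest in src.parents:  # never re-copy an earlier backup
            continue
        rel = src.relative_to(root)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)  # copy only; originals stay untouched
        digest = sha256_of(target)
        if digest != sha256_of(src):
            raise OSError(f"backup copy differs from source: {rel}")
        # Assumption: the original extension sits just before '.whycry'.
        original_format = Path(src.stem).suffix.lower() or "(unknown)"
        manifest.append((rel.as_posix(), original_format, digest))
    return manifest

def demo():
    # Constructed sample tree standing in for a user's profile folder.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Documents"
        (root / "work").mkdir(parents=True)
        (root / "work" / "report.doc.whycry").write_bytes(b"constructed ciphertext A")
        (root / "clip.avi.whycry").write_bytes(b"constructed ciphertext B")
        (root / "notes.txt").write_bytes(b"untouched file")
        return backup_locked_files(root, Path(tmp) / "backup")

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Point `dest` at removable or offline storage rather than the affected disk, and keep the manifest with the copies.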
For those who need to regain control over the Windows interface, reboot into Safe Mode or boot directly from a recovery device (such as one connected through any USB port). Although its main installation exploits are under investigation, malware experts expect this threat's campaign to utilize the infection vectors common to threats distributed at random, such as bundling itself with other, free downloads. Just below half of most major brands of AV software may identify this Trojan under various metrics, and you always should use appropriate anti-malware tools for uninstalling the WhyCry Ransomware or detecting it.
Small-time threat actors' misdeeds aren't necessarily smaller in consequences to the people and the computers they harm. Paying con artists like the WhyCry Ransomware's authors for your files is a poor second choice to make up for not minding your security in the past.