'.WHY File Extension' Ransomware

Posted: August 22, 2018

'.WHY File Extension' Ransomware Description

The '.WHY File Extension' Ransomware is a variant of the STOP Ransomware, a file-locker Trojan that's capable of blocking various digital media formats with encryption. These attacks prevent your files from opening and include changes to their names, such as a new extension tag. Have your anti-malware products eliminate the '.WHY File Extension' Ransomware as soon as they identify it, and keep regular backups to neutralize any impact on your media.

Why the STOP Ransomware Keeps Profiting

The lesser family of file-locker Trojans that began with the STOP Ransomware, while low-key in comparison to threats like the Globe Ransomware or Hidden Tear, remains financially viable as a threat for hire. Other 2018 variants of the STOP Ransomware, such as the KEYPASS Ransomware and the '.CONTACTUS File Extension' Ransomware, are being joined by the newest, the '.WHY File Extension' Ransomware. Like many Ransomware-as-a-Service Trojans, the '.WHY File Extension' Ransomware is under the administration of a new set of threat actors and may use unforeseen exploits for infecting its victims' PCs.

The '.WHY File Extension' Ransomware is, like other versions of the STOP Ransomware, a Windows program that targets files on the PC according to their formats and locations, including such widely used media types as JPG pictures and Word DOCs, among others. It uses AES and RSA-based encryption methods to lock these files securely, and the files must be run through a corresponding decryption routine before their applications can read them. Other than the '.WHY File Extension' Ransomware's use of the new '.WHY' extension instead of any of the previous strings, malware analysts are finding no changes in this part of the Trojan's payload.
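
The renaming behavior described above gives responders a quick way to scope a restore from backup. The following Python script is an added example, not code from the original page or from any vendor tool; it assumes the '.WHY' tag is appended after the original extension (for example, report.docx.WHY), and its function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

TAG = ".why"  # extension named on this page; compared case-insensitively


def original_name(name: str) -> Optional[str]:
    """Return the pre-rename file name if `name` carries the tag, else None."""
    if name.lower().endswith(TAG) and len(name) > len(TAG):
        return name[: -len(TAG)]
    return None


def inventory(root: str) -> dict:
    """Walk `root` and summarise renamed files for scoping a restore."""
    by_format, by_dir, restore = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            # Assumption: the tag is appended after the original extension.
            by_format[Path(orig).suffix.lower() or "(none)"] += 1
            by_dir[rel_dir] += 1
            restore.append(os.path.join(rel_dir, orig))
    return {"by_format": dict(by_format), "by_dir": dict(by_dir),
            "restore": sorted(restore)}


def build_sample_tree(root: str) -> None:
    """Constructed sample data: empty files standing in for a user profile."""
    for rel in ["Pictures/cat.jpg.WHY", "Pictures/dog.JPG.why",
                "Documents/report.docx.WHY", "Documents/notes.txt",
                "Documents/why", "Desktop/.WHY"]:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = inventory(tmp)
        print("by format:", report["by_format"])
        print("by directory:", report["by_dir"])
        print("\n".join(report["restore"]))
```

The restore list holds the original relative paths, which can be matched against an offline backup catalog; the script only reads file names and never modifies the affected files.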

The '.WHY File Extension' Ransomware deposits an updated version of the Notepad TXT-based ransom note that's typical of the STOP Ransomware family after it finishes with its data encryption. This version of the instructions specifies a fee of six hundred USD, although the threat actor could use payment methods, such as the Bitcoin cryptocurrency, that limit or nullify any refund avenues that might be available to the victim. While paying should be avoided when possible, malware experts unfortunately continue to affirm that this Trojan family's file-locking mechanism isn't suitable for free decryption.

Taking the 'Why' Out of Your Files' Futures

The '.WHY File Extension' Ransomware, other than seemingly preferring American victims, offers little information on its distribution model in comparison to other versions of the STOP Ransomware. Since Ransomware-as-a-Service potentially employs a wide variety of threat actors as admins, the '.WHY File Extension' Ransomware could compromise your PC through any of the methods below, as examples:

  • Fake e-mail messages may pretend that the '.WHY File Extension' Ransomware's installer is an attached document related to an invoice or other workplace notification.
  • Exploit kits running through hostile websites or compromised advertising networks could exploit vulnerabilities in your software for loading a 'drive-by-download' style attack.
  • Brute-force attacks may compromise an at-risk network's login credentials, which lets a criminal create a backdoor for establishing his control.

Because local backups are at risk of additional encryption, data corruption or secure deletion, malware experts suggest keeping any crucial backups on other machines or storage devices. Paying the ransom may not always give you a genuine decryption service, and, equally, many file-locking Trojans are incompatible with free decryptors. Always uninstall the '.WHY File Extension' Ransomware through appropriate anti-malware tools that can guarantee the absence of other threats, such as Trojan downloaders, that might reinstall it.

As lucrative as RaaS businesses are, they're just as easy for their victims to stop as they are for criminals to launch. Keep up to date with your backups, use appropriate passwords, and avoid downloads from typically unsafe sources to save your files from 'unbreakable' threats like the '.WHY File Extension' Ransomware and the other STOP Ransomware variants.
