
Widia Ransomware

Posted: June 1, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 86
First Seen: June 1, 2017
OS(es) Affected: Windows

The Widia Ransomware is a Trojan that blocks your screen until you input your credit card details while also claiming to be encrypting your documents and other files. Since malware experts don't see any data-encoding attacks from the Widia Ransomware's current release, victims should be cautious about giving its author their credit card information or any other form of ransom. Close its window through the solutions in this article, then use anti-malware products to remove the Widia Ransomware and disinfect the rest of your computer.

A Trojan's Grinning Skulls Replacing Your Desktop

What a Trojan appears to do can be less or more than its real payload. This sometimes counter-intuitive truth is more evident than ever with threats like the Widia Ransomware, which capitalize on the notoriety of file-encrypting Trojan campaigns. While its authors have yet to place any encryption features in the Widia Ransomware, a victim judging it from its symptoms alone would reach a different and possibly unwelcome conclusion.

The Widia Ransomware has no apparent relatives and uses distribution methods that malware experts have yet to verify, but it does seem to disguise its executable as an installer for other software. On launch, the Trojan loads a local Web page in a pop-up without a border or other user interface elements, keeping you from resizing, minimizing or closing it.

The pop-up claims that your documents and similar formats of data are temporarily unreadable as a result of the Widia Ransomware's encryption-based attack. Malware experts can also confirm the same warning text in use in third-party Trojan campaigns, including ones with similar screen-locking threats and real file-encrypting Trojans. Besides its skull logo and timer, the most significant component of the Widia Ransomware's message is its somewhat unusual ransom demand: a request for all the credentials of one of your credit cards.

The Empty Penalties of Missing Trojan Time Limits

The Widia Ransomware's countdown follows a social engineering strategy similar to that of the well-publicized Jigsaw Ransomware, which can periodically delete the files it locks. Unlike that Trojan, the Widia Ransomware's only feature of note is its screen-locking pop-up, which malware experts confirm has a very limited capacity for harming your computer. You should be able to close this window by using default keyboard shortcuts (such as Alt+F4), after which you can access the desktop and other programs as usual.

While its author, self-identified as 'Sorin,' appears to be Romanian, the Widia Ransomware targets English-speaking victims and references credit card brands with strong associations to North America. If a threat actor has gained access to your credit or debit card information, malware experts recommend contacting the relevant company for further help as soon as possible. Even though the Widia Ransomware currently can't damage files by encoding them, anyone who submits to its extortion should assume that fraudulent purchases and similar security and financial issues are likely.

The Widia Ransomware takes no additional action after its time limit reaches zero, and malware experts find no protection included in this threat that would stop dedicated anti-malware products from removing it. As usual, a PC user's worst enemy is himself or herself, and those who believe everything they read will endanger themselves as much as anyone else.
