Wise Ransomware

The Wise Ransomware is a Trojan that deletes your media and displays pop-ups with ransoming instructions, supposedly for recovering the files. Although most victims of these attacks should be cautious about paying ransoms, in this case, doing so is unlikely of restoring any data due to this threat's deleting it. Let your anti-malware products block the Wise Ransomware and delete it preemptively, if possible, and keep backups of your work for restoring on demand.

The Questionable Wisdom of Trusting Ransom Notes

Trojans that include either file-encrypting technology or imitations of it can, often, be less than ingenuous about their motives, internal details, or capacity for keeping any promises that they might make. One, classic example of dishonest behavior among these threats is pretending that they've caused temporary and reversible damage to their victims' files when the reality is that the loss of data is permanent. Malware analysts are tracking this behavior through unrelated Trojans like the FBLocker Ransomware, the UselessDisk Ransomware, the RedBoot Ransomware, the Robin Hood And Family Ransomware, and the new Wise Ransomware.

The Wise Ransomware requests Windows for variables associated with default file directories for both media, such as pictures, as well as essential system-related files. After getting the appropriate file paths, it runs a series of loops that delete all the not-in-use files in these locations, potentially wiping out most of the contents of the hard drive. Although advanced data recovery software could retrieve some of your content, the Wise Ransomware doesn't encrypt or 'lock' anything, and using a decryption program is pointless.

Despite the above details, malware analysts, still, are finding the Wise Ransomware's also using a ransoming feature that displays interactive pop-ups and asks that the user visit a Teamspeak server for the negotiations. Whether or not the threat actors ask for Bitcoins or another ransom kind, paying has no purpose due to the Wise Ransomware's classification as being a disk-wiping threat, not a standard, file-locking Trojan. The Wise Ransomware also is one of the first threats of either type that uses Teamspeak as the ransom-negotiating platform.

Being Wise to the Games of Trojans

The Wise Ransomware is a sharp reminder that any PC users who don't protect their hard drives with backups can't always depend on any after-the-fact recovery methods for data like documents, images or even their critical system files. Although Windows does support restoration points, by default, relying on this often-deleted Shadow Volume Copy data is a risky option relative to copying your work to other devices, such as USBs and remote servers. Unlike with most Trojans with similar payloads, malware experts have yet to identify any self-evident exploits for distributing the Wise Ransomware, such as fake software updates or invoices.

The Wise Ransomware is under fifty kilobytes and can compromise most versions of the Windows OS. Since the threat can cause permanent harm to the actual operating system, any responses that base themselves off of detecting its symptoms, such as the ransom screen, usually, will be too late for saving most of the hard drive's contents. However, the averages for the different brands of security software identifying the Wise Ransomware are in the victims' favor, and most anti-malware programs should delete the Wise Ransomware without letting the deletion feature come into play.

The evidence to date shows that the Wise Ransomware's author is a resident of Italy, but the Trojan's attacks are borderless in their potential impact. A ransom will not always bail careless Web surfers out of any problems they create for themselves, particularly, when that judgment miscall compounds upon already-made security mistakes.