wlojul@secmail.pro Ransomware
The wlojul@secmail.pro Ransomware is a variant of the CryptoWire Ransomware, a 'proof-of-concept' file-locking Trojan. Although the wlojul@secmail.pro Ransomware makes some minor changes to its payload, its main impact remains its capacity for locking various files on your computer, after which it creates a message asking for money. Users should ignore the ransom demand, use the free data restoration tactics described in this article, and have an anti-malware program uninstall the wlojul@secmail.pro Ransomware.
A Trojan that's Old, but not Dead
The CryptoWire Ransomware family, which began showing activity in 2016, is confirmed by malware experts to still be active, making it one of the longest-lived of the smaller groups of file-locking threats. The new variant, which malware experts are referring to as the wlojul@secmail.pro Ransomware, is deployed with an installer named 'sous.exe'. It includes some changes to how it locks your files but, fortunately, doesn't do so securely.
Instead of locking your files according to their sizes, the wlojul@secmail.pro Ransomware targets a series of extensions, which is the traditional technique among file-locking Trojans. It affects over two hundred file types, including archives, documents, images, movies, audio, PHP scripts, and eBooks. The Trojan also inserts its own '.encrypted' extension between the file name and the original extension (example: 'Puppy.encrypted.gif').
However, the decryption feature for the wlojul@secmail.pro Ransomware's AES encryption uses a hard-coded pass-code ('VgjRPoOM0oa92_jId!/wkMeW6,guuSe'). Inputting this key decrypts and unlocks the associated files. Malware experts warn that this may change in later versions, and that the wlojul@secmail.pro Ransomware currently does erase local backups, such as the Windows Shadow Copies.
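The '.encrypted' infix described above gives responders a simple way to inventory locked files and plan restoration. The following Python sketch is an added example, not code from this article's authors or any vendor tool; the function names, directory layout and sample file names are constructed for illustration.

```python
"""Inventory files renamed with the '.encrypted' infix (added example)."""
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".encrypted"  # infix reported on this page, e.g. 'Puppy.encrypted.gif'


def original_name(path):
    """Return the pre-infection name if the marker is the second-to-last
    suffix of `path`, otherwise None."""
    suffixes = Path(path).suffixes
    if len(suffixes) < 2 or suffixes[-2].lower() != MARKER:
        return None
    stem = Path(path).name[: -(len(suffixes[-2]) + len(suffixes[-1]))]
    return stem + suffixes[-1]


def triage(root):
    """Walk `root`; return (hits, counts per extension, collisions)."""
    hits, by_ext, collisions = [], Counter(), []
    for p in sorted(Path(root).rglob("*")):
        orig = original_name(p) if p.is_file() else None
        if orig is None:
            continue
        hits.append((p, orig))
        by_ext[p.suffix.lower()] += 1
        # A file with the original name already sits beside the locked one
        # (for example, restored from backup): do not overwrite it blindly.
        if (p.parent / orig).exists():
            collisions.append(p)
    return hits, by_ext, collisions


def build_sample_tree():
    """Constructed sample data: a temp directory with made-up file names."""
    root = Path(tempfile.mkdtemp(prefix="triage_demo_"))
    (root / "docs").mkdir()
    for name in ("Puppy.encrypted.gif", "docs/q3.report.ENCRYPTED.docx",
                 "docs/budget.encrypted.xlsx", "docs/budget.xlsx",
                 "notes.encrypted", "readme.txt"):
        (root / name).write_bytes(b"")
    return root


if __name__ == "__main__":
    hits, by_ext, collisions = triage(build_sample_tree())
    for path, orig in hits:
        print(f"{path}  ->  {orig}")
    print(dict(by_ext), "collisions:", [str(c) for c in collisions])
```

Files that merely end in '.encrypted' (such as 'notes.encrypted') are not counted, since the pattern reported here places the marker before the original extension.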
Being Wary of Bad Wires
The wlojul@secmail.pro Ransomware gives victims more reasons for concern than just its data-locking technology. Other attacks included in its payload consist of:
- The wlojul@secmail.pro Ransomware disables BCDEdit, a Windows boot-configuration utility, which prevents the user from accessing security-related startup options.
- The Trojan assigns itself to a Scheduled Task so that it persists on the PC indefinitely.
- The wlojul@secmail.pro Ransomware also loads a pop-up that provides a ransom note and instructions for paying one thousand USD in Bitcoins. The size of the decryptor's price is one of several indicators that the wlojul@secmail.pro Ransomware may be attacking network servers of businesses, NGOs or governments instead of recreational-purpose computers.
Besides using the decryption code, PC users can restore from non-local backups, which is the only other way of recovering their files. Malware experts suggest quarantining or removing the wlojul@secmail.pro Ransomware with anti-malware software before trying any other option for reversing the encryption of your data.
The wlojul@secmail.pro Ransomware is joining the likes of the Lomix Ransomware, the VapeLauncher, the HAHAHA Ransomware, and the WanaCry4 Ransomware in the CryptoWire Ransomware family. As long as users don't secure their files properly, even two-year-old code is salvageable for a functional extortion racket.