WANA CRY Ransomware Attempts to Steal Wannacry's Thunder
In our examination of new malware samples, it was revealed that WANA CRY is a form of ransomware that mimics another well-known ransomware called WannaCry. WANA CRY is derived from the Chaos ransomware and is designed with the primary objective of encrypting files. Additionally, it alters the desktop wallpaper, generates a ransom note named "read_it.txt," and appends four random characters to filenames.
As an illustration of how WANA CRY modifies filenames, it transforms "1.jpg" into "1.jpg.4bkv," "2.png" into "2.png.t29o," and so on.
The ransom note tells the victim their data is encrypted and emphasizes that decryption without the attackers' assistance is impossible. To regain access to the encrypted data, the victim is directed to purchase specialized decryption software priced at $1,500. The payment is explicitly specified to be made in Bitcoin.
Moreover, the ransom note provides payment details, including the amount in Bitcoin (0.1473766 BTC) and the Bitcoin address for the payment.
WANA CRY Ransom Note Keeps to the Point
The full text of the brief ransom note generated by WANA CRY reads as follows:
WANA CRY @rivator_max
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.comPayment informationAmount: 0.1473766 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
How Can Ransomware Infiltrate Your System?
Ransomware can infiltrate a system through various methods, often taking advantage of vulnerabilities and human behaviors. Here are common ways ransomware can enter a system:
- Phishing Emails: One of the most common methods is through phishing emails. Cybercriminals send emails containing malicious attachments or links that, when clicked, download and execute the ransomware on the victim's system. These emails often impersonate legitimate sources, making them appear trustworthy.
- Malicious Websites and Advertisements: Visiting compromised websites or clicking on malicious online ads can lead to the download and installation of ransomware. These websites may exploit vulnerabilities in the browser or use social engineering techniques to trick users into downloading malicious content.
- Exploiting Software Vulnerabilities: Ransomware can exploit vulnerabilities in software or operating systems to gain unauthorized access. It's crucial to keep software and operating systems up-to-date with the latest security patches to mitigate the risk of exploitation.
- Malicious Links in Messages or Social Media: Cybercriminals may distribute ransomware through links shared in messages or social media platforms. These links may lead to malicious websites or initiate the download of malicious files when clicked.
- Malvertising: Cybercriminals may compromise online advertising networks and display malicious ads on legitimate websites. Clicking on these ads or visiting the affected websites can trigger ransomware downloads.
- Remote Desktop Protocol (RDP) Attacks: Attackers may exploit weak or compromised Remote Desktop Protocol connections to gain access to a system. Once inside, they can deploy ransomware.
