WannaCry 3.0 Ransomware Distributed in Fake Game Installers

WannaCry 3.0 is a ransomware program that disguises itself as a new iteration of the infamous WannaCry ransomware. Such impostor programs often capitalize on the reputation of their predecessors.

Interestingly, WannaCry 3.0 is actually based on the open-source Crypter (Python) ransomware. Ransomware falls under the category of malware designed to encrypt data and demand payment for decryption.

During our testing, WannaCry 3.0 successfully encrypted files on our test machine and added a ".wncry" extension to their filenames, mirroring the behavior of the genuine WannaCry variant. For instance, a file originally named "1.jpg" would appear as "1.jpg.wncry," while "2.png" would become "2.png.wncry," and so on. Furthermore, the ransomware deleted Volume Shadow Copies and proceeded to alter the desktop wallpaper, accompanied by a pop-up window that displayed ransom notes.
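A triage sketch for the file-renaming behavior described above, added here as an example and not taken from the ransomware or from our test tooling: it walks a directory tree, finds files carrying the appended ".wncry" extension, recovers the original names, and summarizes what was hit. The names `Triage`, `scan` and `build_sample_tree` are hypothetical, and the sample tree is constructed from the filenames used in this article.

```python
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

MARKER = ".wncry"  # extension the article reports being appended to each file

@dataclass
class Triage:
    encrypted: list = field(default_factory=list)        # (encrypted path, original name)
    by_type: Counter = field(default_factory=Counter)    # original extension -> count
    intact_siblings: list = field(default_factory=list)  # original name still present
    first_seen: Optional[float] = None                   # earliest mtime of an encrypted file
    last_seen: Optional[float] = None                    # latest mtime of an encrypted file

def scan(root: str) -> Triage:
    """Walk root and collect every file whose name ends with the appended marker."""
    out = Triage()
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue  # untouched file, or a file literally named ".wncry"
            original = name[:-len(MARKER)]  # "1.jpg.wncry" -> "1.jpg"
            path = os.path.join(dirpath, name)
            mtime = os.stat(path).st_mtime
            out.encrypted.append((path, original))
            out.by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            out.first_seen = mtime if out.first_seen is None else min(out.first_seen, mtime)
            out.last_seen = mtime if out.last_seen is None else max(out.last_seen, mtime)
            if original.lower() in present:  # a file with the original name sits beside it
                out.intact_siblings.append(os.path.join(dirpath, original))
    return out

def build_sample_tree(root: str) -> None:
    """Constructed sample data: empty files named after the article's examples."""
    os.makedirs(os.path.join(root, "Pictures"))
    for rel in ("Pictures/1.jpg.wncry", "Pictures/2.png.wncry", "Pictures/2.png",
                "notes.txt", "REPORT.DOCX.WNCRY"):
        open(os.path.join(root, *rel.split("/")), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan(tmp)
        for path, original in sorted(report.encrypted):
            print(f"{path}  (was {original})")
        print(dict(report.by_type), "originals still present:", report.intact_siblings)
```

The `first_seen` and `last_seen` timestamps bound the window in which the encrypted copies were written, which helps when choosing a backup that predates the incident.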

WannaCry 3.0 has been observed spreading through deceptive setups masquerading as video game installations. According to reports, it was propagated through counterfeit installers of the Enlisted multiplayer first-person shooter video game, targeting Russian players specifically. The tampered installers were distributed via a Russian-language website, taking advantage of Enlisted's status as a free game.

Upon launching the installer downloaded from the fraudulent website, two executables were dropped: "ENLIST~1," representing the video game itself, and "enlisted," which introduced the WannaCry 3.0 ransomware into the system.

Victims encounter a message on their desktop wallpaper notifying them about the encryption of their files and providing instructions on how to access further information if the ransomware's pop-up window is blocked.

According to the pop-up window, the encrypted files are inaccessible due to encryption using the AES-256 cryptographic algorithm. The decryption key required to restore the affected data is solely in the possession of the attackers.

The cybercriminals grant the victims a three-day period to contact them and make the ransom payment. Failure to comply within the given timeframe results in the permanent deletion of the decryption key, leading to irrevocable data loss. The ransom note warns against attempting to remove the ransomware or using antivirus software, as these actions render the files irretrievable.

WannaCry 3.0 Uses Telegram Bot for Contact

The full text of the ransom note generated by WannaCry 3.0 reads as follows:

WannaCry 3.0
YOUR FILES HAVE BEEN ENCRYPTED !

Contact our Bot in Telegram: wncry_support_bot

What Happened to My Computer?

The important files on your computer have been encrypted with military grade AES-256 bit encryption.
Your documents, videos, images and other forms of data are now inaccessible, and cannot be unlocked without the decryption key.
This key is currently being stored on a remote server.

To acquire this key, contact our Telegram Bot: wncry_support_bot, and transfer the decryption fee to the specified wallet address before the time runs out.
If you fail to take action within this time window, the decryption key will be destroyed and access to your files will be permanently lost.
Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

Can I Recover My Files?

Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
But if you want to decrypt all your files, you have to pay.
You only have 3 days to submit the payment.
If you don't manage to pay in 3 days, you won't be able to recover your files forever.

How Do I Pay?

Contact our Bot in Telegram: wncry_support_bot

WE STRONGLY RECOMMEND YOU TO NOT REMOVE THIS SOFTWARE, AND DISABLE YOUR ANTI-VIRUS FOR A WHILE, UNTIL YOU PAY AND THE PAYMENT GETS PROCESSED.
IF YOUR ANTI-VIRUS GETS UPDATED AND REMOVES THIS SOFTWARE AUTOMATICALLY, IT WILL NOT BE ABLE TO RECOVER YOUR FILES EVEN IF YOU PAY!

How Can You Protect Your Files from Ransomware?

Ensuring the safety of your files against ransomware requires implementing a combination of preventive measures and proactive practices. Here are some essential steps to protect your files from ransomware:

  • Back up your files regularly: Maintain regular backups of your important data on external devices or cloud storage. This way, even if your files become encrypted or inaccessible due to ransomware, you can restore them from a secure backup.
  • Use robust security software: Install reputable antivirus and anti-malware software on your devices. Keep the software up to date and enable automatic scanning and real-time protection features. This helps detect and block ransomware threats before they can compromise your files.
  • Keep your operating system and software updated: Regularly update your operating system, applications, and software with the latest security patches and bug fixes. Software updates often include security enhancements that can safeguard against known vulnerabilities that ransomware exploits.
  • Exercise caution with email attachments and links: Be vigilant while opening email attachments or clicking on links, especially if they come from unknown or suspicious sources. Ransomware often spreads through email phishing campaigns, so exercise caution and only interact with trusted sources.
  • Be cautious of downloading from unverified sources: Avoid downloading software, files, or media content from untrustworthy or unofficial sources. Stick to reputable websites and official app stores to minimize the risk of downloading ransomware-laden files.

June 16, 2023