WannaDie Ransomware Uses Bilingual Ransom Note

Our researchers identified the WannaDie ransomware during an examination of new malware samples. Ransomware is designed to encrypt data with the intention of compelling victims to pay for its decryption.

When we executed a sample of WannaDie on our test system, it encrypted files and appended a four-character random extension to each filename. For instance, a file originally named "1.jpg" became "1.jpg.ppqf", "2.png" became "2.png.vo76", and so forth.

Following this encryption process, a text file named "info[random_number].txt" was generated. While ransomware typically delivers ransom notes demanding payment, WannaDie deviates by not making any such demands or providing contact information for the attackers.

The message conveyed by WannaDie notifies the victim that their files have been encrypted. Importantly, it clarifies that this ransomware does not employ double extortion tactics, meaning it does not pilfer victims' data and threaten to publish it unless a ransom is paid.

Furthermore, the note specifies that file recovery through decryption is unattainable, which is unusual for ransomware, as the usual objective is to generate revenue by demanding payment. WannaDie's message lacks any contact information for cybercriminals, which would typically be included for further instructions.

One possible explanation for this absence is that WannaDie was released for testing purposes, and ransom demands might be included in future releases.

WannaDie Ransom Note Comes in German and English

The full text of the WannaDie ransom note goes as follows:

English

Your files got encrypted by the WannaDie Ransomware!
Ransomware is a type of cryptovirological malware that threatens to publish the victim's
personal data or permanently block access to it.
This Ransomware does not publish your Data.
There is no way getting your files back.
All your important documents and system files are encrypted.

Deutsch

Ihre Dateien wurden von der WannaDie-Ransomware verschlüsselt!
Ransomware ist eine Art von Krypto-Malware, die droht, die persönlichen Daten des Opfers zu veröffentlichen oder den Zugriff darauf dauerhaft zu blockieren.
Diese Ransomware veröffentlicht Ihre Daten nicht.
Es gibt keine Möglichkeit, Ihre Dateien wiederherzustellen.
Alle Ihre wichtigen Dokumente und Systemdateien sind verschlüsselt.
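
The file-naming behavior described above can be used for triage of a file listing. The following Python code is an added example, not part of the original article or of any vendor tool; it assumes the appended extension consists of four lowercase letters or digits (inferred from the two samples "ppqf" and "vo76"), that "info[random_number].txt" means "info" followed by digits, and it uses a constructed extension list and constructed sample paths.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath  # accepts both "/" and "\" separators

# Assumption: appended extension is 4 lowercase letters/digits ("ppqf", "vo76").
SUFFIX = re.compile(r"[a-z0-9]{4}")
# Assumption: "info[random_number].txt" means "info" followed by digits.
NOTE = re.compile(r"info\d+\.txt", re.IGNORECASE)
# Constructed list of original extensions worth watching; extend as needed.
KNOWN_EXT = {"jpg", "png", "pdf", "docx", "xlsx", "txt", "json", "zip"}

def appended_ext(name):
    """Return the appended 4-character extension, or None if the name does not fit."""
    parts = name.split(".")
    if len(parts) >= 3 and parts[-2].lower() in KNOWN_EXT and SUFFIX.fullmatch(parts[-1]):
        return parts[-1]
    return None

def triage(paths, min_distinct=2):
    """Flag directories holding a candidate note plus files renamed with
    at least `min_distinct` different appended extensions. A single shared
    suffix (for example many ".json.orig" backups) is not flagged."""
    per_dir = defaultdict(lambda: {"notes": [], "renamed": {}})
    for raw in paths:
        p = PureWindowsPath(raw)
        entry = per_dir[p.parent.as_posix()]
        if NOTE.fullmatch(p.name):
            entry["notes"].append(p.name)
        elif (ext := appended_ext(p.name)) is not None:
            entry["renamed"][p.name] = ext
    return {
        d: {"notes": sorted(e["notes"]), "renamed": sorted(e["renamed"])}
        for d, e in per_dir.items()
        if e["notes"] and len(set(e["renamed"].values())) >= min_distinct
    }

# Constructed sample listing (not taken from a real system).
SAMPLE_PATHS = [
    "share/photos/1.jpg.ppqf", "share/photos/2.png.vo76", "share/photos/info4821.txt",
    "share/build/a.json.orig", "share/build/b.json.orig", "share/build/info1.txt",
    "share/docs/report.pdf", "share/docs/info.txt",
]

if __name__ == "__main__":
    for directory, hit in triage(SAMPLE_PATHS).items():
        print(directory, hit)
```

A flagged directory is only a lead: confirm by comparing a candidate note's content against the note text quoted above before treating the host as affected.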

How Can Ransomware Infect Your System?

Ransomware can infect a system through various methods, and attackers are constantly evolving their techniques. Here are common ways ransomware can infiltrate a system:

  • Phishing Emails: Cybercriminals often use phishing emails to distribute ransomware. These emails may contain malicious attachments or links. Opening an infected attachment or clicking on a malicious link can trigger the ransomware download and execution.
  • Malicious Websites and Downloads: Visiting compromised or malicious websites can expose your system to ransomware. Downloading files or software from untrusted sources increases the risk of inadvertently installing ransomware.
  • Drive-By Downloads: Some websites may exploit vulnerabilities in your browser or its plugins to initiate a download without your knowledge or consent. This method, known as a drive-by download, can silently install ransomware on your system.
  • Malvertising: Malicious advertising, or malvertising, involves placing malicious code in online ads. Clicking on these ads or even visiting a website with malvertisements can lead to ransomware infections.
  • Exploiting Software Vulnerabilities: Ransomware creators may exploit vulnerabilities in software to gain unauthorized access to a system. Keeping your software, including the operating system and applications, up-to-date with the latest security patches helps mitigate this risk.
November 13, 2023