WickrMe Ransomware Campaign Goes After Outdated Microsoft SharePoint Servers

The WickrMe Ransomware (also called Hello Ransomware) is a dangerous file-encryption Trojan, which is being used against a very specific set of targets, so far. It is important to add that it has nothing to do with the WickrMe messaging services. The creators of this malware are not spreading it to random users on the Internet and, instead, they are executing carefully orchestrated attacks against vulnerable Microsoft SharePoint servers. Of course, system administrators who keep their software up-to-date are not threatened by this attack since the WickrMe Ransomware campaign relies on a vulnerability, which dates back to 2019. Unfortunately, many systems are still vulnerable due to running outdated software, and they are the exact target of the WickrMe Ransomware.

Apart from the relatively special infection vector, the WickrMe Ransomware behaves just like other file-encryption Trojans. Its attack involves several stages, which are not out of the ordinary:

  • Disables processes used by database management software and other utilities that may prevent the malware from accessing files it wants to encrypts.
  • Scans disk partitions for file types that it is meant to encrypt, and then locks their content.
  • Appends the '.hello' suffix to the names of files it locks.
  • Drops the ransom note 'Readme!!!.txt,' which includes custom emails for that specific victim.

Of course, the criminals demand a ransom payment via Bitcoin. Apart from the emails, the criminals also supply WickrMe usernames, which can be used to get in touch with them – this is the first time that this service is being used by ransomware operators.

Unfortunately, the WickrMe Ransomware's encryption is unbreakable, and free decryption software is out of the question. Victims of this attack should not, however, agree to co-operate with the attackers since the risk of getting scammed is too high. Instead of contacting the cybercriminals, victims of the WickrMe Ransomware should use antivirus software to eliminate the threat and then try restoring files via a backup, or via popular recovery software.

By Ruik
April 29, 2021
Ransomware
English
April 29, 2021
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Ransomware

Removal of POLSAT Ransomware

The POLSAT Ransomware is a dangerous piece of malware, which is being spread on the Internet through fake downloads, malicious emails, misleading ads, and other shady content. It is very easy to encounter malware of... Read more

April 7, 2021
Ransomware

Removal of Ctpl Ransomware

The Ctpl Ransomware is a variation of the Dharma Ransomware, and this means that it is impossible to crack its encryption via free utilities. The malware uses a flawless file-locking mechanism, which is guaranteed to... Read more

April 6, 2021
Ransomware

How to Remove Urnb Ransomware

The Urnb Ransomware is a variation of the STOP family of file-lockers. Unfortunately, it has the ability to cause potentially permanent damage to the files of the victims and leaves them with very limited data... Read more

April 9, 2021
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.