Wizard Ransomware Asks for Modest Ransom

Wizard ransomware is the name of a newly discovered strain of file-encrypting malware.

The new variant does nothing special. It will encrypt most files on the targeted computer, leaving them scrambled and unreadable. The encrypted files receive the ".wizard" extension. This will make a file formerly called "document.doc" turn into "document.doc.wizard".

The encryption process will affect documents, media files, archives and databases. System files that are needed to keep Windows running are not affected.

Once the encryption is complete, the ransomware drops its ransom note inside a file named "decrypt_instructions.txt", asking for just $100 in ransom, to be paid in cryptocurrency. The full note goes as follows:

Welcome to Wizard Ransomware...

[victim username], here's what happened...

All files are encrypted with Advanced Encryption Standard 256.

Maybe you noticed something? Your documents are now unreadable and corrupted.

You can wonder how to decrypt it, but... No chance of that, sorry.

So, what can you do now?

You only have one option to decrypt your files, lets see...

If you want your important files back you will need $100 in Bitcoin.

However, we are able to discuss this price, maybe we can talk it down, we aren't evil.

Want to start the process? You should e-mail us at: godepso19 at proton dot me

Include your ID in the e-mail, your ID is: -

What if I don't pay?

Nothing, meaning your files will just be encrypted forever... Bad outcome, right?

However, we recommend you be quick, because our operations get shut down fast.

Have fun, we're out...

Sincerely, Wizard Ransomware.

September 30, 2022