
AutoWannacryV2 Ransomware

By GoldSparrow in Ransomware

The AutoWannacryV2 Ransomware is an encryption ransomware Trojan first observed on August 3, 2018. It is written in AutoIt and carries out a typical version of this attack: it takes the victim's files hostage and demands a ransom payment in exchange for the decryption tool needed to restore the affected files. The AutoWannacryV2 Ransomware is named after WannaCry, a high-profile ransomware threat that received quite a bit of attention in the news. However, the name appears to be just for show, since there does not seem to be any connection between the two threats beyond the shared name.

Symptoms of an AutoWannacryV2 Ransomware Attack

The AutoWannacryV2 Ransomware is commonly delivered to the victim's computer through malicious spam email attachments. These attachments use embedded macro scripts to download and install the AutoWannacryV2 Ransomware onto the victim's computer. Once installed, the AutoWannacryV2 Ransomware uses a strong encryption algorithm to encrypt the victim's files, targeting user-generated files, which may include a wide variety of media files, images, documents, databases, and numerous others. Threats like the AutoWannacryV2 Ransomware target the file types listed below in these attacks:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The AutoWannacryV2 Ransomware will mark the files it compromises by adding the file extension '.wannacryv2' to the file's name. The AutoWannacryV2 Ransomware delivers various messages to the victims to alert them of the attack and to demand a ransom payment. In the event of an AutoWannacryV2 Ransomware attack, computer users will see some notifications such as:

Message "Success":
'All your files encrypted! By wannacryV2
Spent time on encryption: 318 seconds'

Message "Enter key to decrypt!":
'WARNING! DONT TRY TO BRUTE!
[TEXT BOX]
[OK|BUTTON] [Cancel|BUTTON]'

Message "Ohh no":
'Invalid key!
[OK|BUTTON]'

Message "Key valid":
'Ok, you get valid key!
[OK|BUTTON]'

Dealing with the AutoWannacryV2 Ransomware Attack

The AutoWannacryV2 Ransomware uses a static decryption key, which has allowed PC security researchers to extract the key from the AutoWannacryV2 Ransomware's code. Computer users may recover their files using the password '123qwe'. By contrast, most ransomware Trojans leave the files in a state that cannot be remedied, so with most threats of this type it is not possible to restore the affected files. It is also possible that updated versions of the AutoWannacryV2 Ransomware will be released that are not so simple to recover from. Because of this, the best protection against threats like the AutoWannacryV2 Ransomware is still to have file backups. Apart from file backups, computer users are also advised to use a security program to intercept threats like the AutoWannacryV2 Ransomware before they can be installed.
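
Before attempting recovery, it helps to know how many files carry the '.wannacryv2' marker described above and which file types were hit. The following triage script is an added example, not code from the original article or from the threat itself; the function name, the report layout and the use of last-modified times as a proxy for encryption time are assumptions made for illustration.

```python
import os
import sys
from collections import Counter
from datetime import datetime
from pathlib import Path

MARKER = ".wannacryv2"  # extension the write-up says is appended to encrypted files


def triage(root):
    """Walk `root` and summarise files that carry the marker extension."""
    files, by_type, mtimes = [], Counter(), []
    for dirpath, _dirs, names in os.walk(root):  # unreadable directories are skipped
        for name in names:
            if not name.lower().endswith(MARKER):  # match regardless of letter case
                continue
            path = Path(dirpath) / name
            original = name[: -len(MARKER)]  # file name before the marker was added
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            files.append(path)
            try:
                mtimes.append(path.stat().st_mtime)
            except OSError:
                pass  # file disappeared or is unreadable; it is still counted above
    # Assumption: last-modified times approximate when each file was encrypted.
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"count": len(files), "by_type": dict(by_type),
            "window": window, "files": files}


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['count']} file(s) ending in {MARKER}")
    for ext, n in sorted(report["by_type"].items(), key=lambda kv: -kv[1]):
        print(f"  {ext:10} {n}")
    if report["window"]:
        first, last = (datetime.fromtimestamp(t) for t in report["window"])
        print(f"modified between {first} and {last} ({last - first})")
```

Run it against a read-only copy or mounted image of the affected disk where possible, so the inventory does not alter timestamps on the original evidence.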
