WantToCry Ransomware

WantToCry is a type of ransomware specifically crafted to encrypt diverse data on devices that it successfully infiltrates. Upon compromising a system, the malware appends its distinct extension ('.want_to_cry') to the original filenames of the encrypted files. In addition to this, WantToCry delivers a ransom note to its victims, typically named '!want_to_cry.txt,' which contains instructions on how to proceed with the ransom payment to the attackers. To illustrate the file renaming process initiated by WantToCry, an example would be the transformation of '1.doc' to '1.jpg.want_to_cry' and '2.odf' to '2.png.want_to_cry,' exemplifying the consistent alteration of file formats during the encryption process.

Victims of the WantToCry Ransomware Are Left Unable to Access Their Own Data

The ransom note generated by the WantToCry Ransomware communicates that the victim's data has been encrypted and proposes a solution for decryption, contingent upon the payment of a 300 USD fee. The victim is directed to a specified website where they are instructed to download and install qTOX software on their PC. Subsequently, they are prompted to create a new profile, add a designated contact, and transmit a message containing a provided string.

In addition to these instructions, the victim is advised to send three test files of limited size directly, as the ransomware operators do not accept download links from external sources or very large files, such as database files. In return for this communication, the operators assure the victim of providing payment instructions and decrypted files, with the stipulation that the ransom is to be paid in Bitcoin cryptocurrency.

It is crucial to emphasize the inherent risks associated with paying ransom to attackers. Despite promises of file recovery upon payment, there is no guarantee that attackers will uphold their end of the bargain. Furthermore, the urgent need to remove ransomware from compromised systems is highlighted as a critical step in mitigating potential damage. This involves preventing further file encryption and safeguarding sensitive data from unauthorized access. Taking prompt action to eliminate ransomware can significantly reduce the overall impact of cyberattacks on both individuals and organizations.

Take Action to Protect Your Data and Devices from Ransomware Threats

With the rising threat of ransomware attacks, safeguarding data and devices has become a paramount concern for individuals and organizations. Ransomware is an impairing software that inscribes files, making themout of rech until a ransom fee is paid. To fortify against such threats, here are five crucial measures users can adopt for robust data and device protection:

• Regular Backups: Implementing routine and automated backups of important data is a key preventive measure. These backups should be stored in a location separate from the main system or network. This ensures the availability of uncorrupted data in case of a ransomware attack.
•  Security Software and Updates: Utilize reputable anti-malware software, and keep it regularly updated. Security software can detect and prevent ransomware infections. Additionally, ensure that operating systems, applications, and security tools are consistently updated to patch vulnerabilities.
•  User Education and Awareness: Educate users about the hazards associated with clicking on suspicious links or downloading attachments from unknown sources. Users should be aware of phishing techniques employed by attackers and exercise caution when interacting with emails, websites, or pop-ups.
•  Network Segmentation: Implement network segmentation to restrict unauthorized access within a network. This hinders the lateral movement of ransomware across systems, limiting its impact. Each network segment should have its own security controls, reducing the likelihood of widespread infection.
•  Access Controls and Least Privilege Principle: Enforce strict access controls by adhering to the principle of least privilege. Users should only have access to the resources necessary for their roles, minimizing the potential for ransomware to compromise critical data. Regularly review and update user permissions.
•  Incident Response Plan: Develop and regularly update an eventuality response plan outlining steps to be taken in the event of a ransomware infection. This plan should encompass procedures for isolating infected systems, notifying relevant parties, and restoring data from backups.

By combining these measures, users can significantly enhance their resilience against ransomware threats, ensuring the integrity and availability of their data and devices.

The full text of the ransom note left to the victims of the WantToCry Ransomware is:

'All your data has been encrypted by --WantToCry-- r@n50mw@re

You can buy decryption of all files for 300 USD.

For this:

Visit hxxps://tox.chat/download.html

Download and install qTOX on your PC.

Open it, click "New Profile" and create profile.

Click "Add friends" button and search our contact -

963E6F7F58A67DEACBC2845469850B9A00E20E4000CE71B35DE789ABD0BE2F70D4147D5C0C91

Send a message with this string:

Send 3 test files. These should be files of no more than 20-30 MB each. We do not accept download links from third-party resources. We do not accept very large files, such as database files.

In response, we will send payment instructions and decrypted files. Payment is made in the Bitcoin cryptocurrency.'