Bansomqare Wanna Ransomware

Bansomqare Wanna Ransomware Description

The Bansomqare Wanna Ransomware is an encryption ransomware Trojan. It is commonly delivered in the form of a Microsoft Word document with corrupted embedded macro scripts that download and install the Bansomqare Wanna Ransomware onto the victim's computer. The Bansomqare Wanna Ransomware references WhatsApp, a popular messaging application, in its attack to convince victims to download the file being used to deliver the threat. Once installed, the Bansomqare Wanna Ransomware will run using executable files named 'runas.exe' and 'whatsapp.exe' on the victim's computer and will carry out its attack.

How the Bansomqare Wanna Ransomware Attacks a Computer

Once the Bansomqare Wanna Ransomware is installed, it will encrypt the victim's files using a strong encryption algorithm and take them hostage, since they will be unrecoverable except to those that have the decryption key. The Bansomqare Wanna Ransomware also will interfere with the Windows recovery utilities and various native Windows services. The Bansomqare Wanna Ransomware marks the files encrypted by the attack by adding the file extension '.bitcoin' to the original affected file's name. Threats like the Bansomqare Wanna Ransomware target user-generated files, such as photos, audio, video, and numerous document types, while avoiding Windows system files and the victim's applications. The files that are targeted in attacks like the Bansomqare Wanna Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Windows system files and applications are avoided because threats like the Bansomqare Wanna Ransomware want to take the victim's files hostage, but they also need the victim to be able to access their operating system and Web browser to carry out a payment.

How the Bansomqare Wanna Ransomware Demands Its Ransom Payment

The Bansomqare Wanna Ransomware displays a program window with the name 'Bansomqare Wanna' after encrypting the victim's files. This ransom note has been seen before in other threats, mainly in ransomware Trojans that try to imitate WannaCry, a high-profile ransomware threat. The text of the Bansomqare Wanna Ransomware ransom note reads:

'Ooops, Your files have been encrypted!

What happened to my computer?
Your important files are encrypted.
Many of your documents, photo, video, database, and other files are no longer accessible because he have been encrypted. Maybe you are busy looking for a way to recover your files but do not waste your time. Nobody can recover your files without our decryption service.

Can I recover my files?
Sure, We guarantee that you can recover all your files safely and easily.
But you have not so enough time.
You can decrypt some of your files for free.
The bitcoin address will be saved to the 'bitcoin2018.txt' file'

It is important to avoid following the instructions in the Bansomqare Wanna Ransomware ransom note, or making any payment to the Bitcoin address contained in the text file associated with the Bansomqare Wanna Ransomware attack. Instead of this, PC security researchers strongly advise computer users to take preventive measures against the Bansomqare Wanna Ransomware and similar threats. The files encrypted by the Bansomqare Wanna Ransomware should be deleted and replaced with backup copies.

Technical Information

File System Details

Bansomqare Wanna Ransomware creates the following file(s):
#: 1
File Name: C:\Users\user\Desktop\fbe54141fb79aa5f69a99f107155ad995494f5ce5e70279aa45fca6b5856bc4e.exe
Size: 674,816
MD5: 6d0fefdd39ad1c289e15eac8cb2d9394
Detection Count: 1

Registry Details

Bansomqare Wanna Ransomware creates the following registry entry or registry entries:
File name without path
bitcoin2018.txt
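
The indicators listed on this page (the '.bitcoin' extension added to encrypted files, the 'bitcoin2018.txt' note file and the MD5 of the created executable) can be checked for on a disk with a short triage script. The following is an added example, not code from Enigmasoftware or from the malware; the function names, the hashing size limit and the sample files built in demo() are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page.
ENCRYPTED_SUFFIX = ".bitcoin"
RANSOM_NOTE_NAME = "bitcoin2018.txt"
DROPPER_MD5 = "6d0fefdd39ad1c289e15eac8cb2d9394"
MAX_HASH_BYTES = 50 * 1024 * 1024  # assumption: skip hashing very large executables


def md5_of(path):
    """Stream the file through MD5 so it is never loaded into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root):
    """Walk root and group matching paths by indicator type."""
    hits = {"encrypted": [], "notes": [], "dropper": [], "errors": []}
    for folder, _dirs, files in os.walk(root, onerror=lambda e: hits["errors"].append(str(e))):
        for name in files:
            path = os.path.join(folder, name)
            lowered = name.lower()
            # A file named exactly ".bitcoin" has no original name, so skip it.
            if lowered.endswith(ENCRYPTED_SUFFIX) and lowered != ENCRYPTED_SUFFIX:
                hits["encrypted"].append(path)
            elif lowered == RANSOM_NOTE_NAME:
                hits["notes"].append(path)
            elif lowered.endswith(".exe"):
                try:
                    if os.path.getsize(path) <= MAX_HASH_BYTES and md5_of(path) == DROPPER_MD5:
                        hits["dropper"].append(path)
                except OSError as err:  # locked or unreadable file
                    hits["errors"].append(f"{path}: {err}")
    return hits


def demo():
    """Scan a constructed sample tree (harmless placeholder files only)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.docx.bitcoin", "photo.jpg", "bitcoin2018.txt", "tool.exe"):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(b"constructed sample data")
        return {kind: sorted(os.path.basename(p) for p in paths)
                for kind, paths in scan(root).items()}


if __name__ == "__main__":
    print(demo())
```

The executable names 'runas.exe' and 'whatsapp.exe' are left out of the scan because runas.exe is also the name of a legitimate Windows utility, so a name match alone would produce false positives.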

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.
