DataWait Ransomware

The DataWait Ransomware is an encryption ransomware Trojan that was first observed on November 13, 2018. The DataWait Ransomware is mainly being distributed via spam email attachments, often by using social engineering procedures to trick computer users into opening the unsafe content. The DataWait Ransomware seems to be part of a campaign targeting computer users in Ukraine.

How You can be Infected by the DataWait Ransomware

The DataWait Ransomware uses a strong encryption algorithm to make the victim's files inaccessible, targeting a wide variety of the user-generated file types. The DataWait Ransomware will encrypt in its attack the following file types:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The DataWait Ransomware attack will mark the affected files with the file extension '.DATAWAIT', making it simple to know which content has been compromised.

The DataWait Ransomware's Ransom Demand

The DataWait Ransomware delivers a ransom note in the form of a text file named '!readme.txt,' which contains the following text:

'ATTENTIQN PLEASE
Your databases, fies, photos, documents and other important fies are encrypted and have the extension: .DATAwAIT
The only method of recovering fies is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e—mai1 BM—2cXonzj9ovn5qdX2MrwMK4j3qCquxBKo4h@bitmessage.ch send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files — you can send us a 1-3 any not very big encrypted fies and we will send you ac it in a original form FREE.
Discount 50% available if you contact us first F2 hours.
E—mai1 address to contact us:
BM—2cXonzj9ovn5qdX2MrwMK4j3qCquxBKo4h@bitmessage.ch
Reserve e—mai1 address to contact us: savefiles@india.com
Your personal id:
[random characters]'

Computer users should not agree with the payment of the DataWait Ransomware ransom amount or to contact these criminals via the provided email address. Doing this exposes victims to additional infections and allows these criminals to continue developing and distributing these threats. Instead, PC users should take steps to protect their data from threats like the DataWait Ransomware. The best protection, the one endorsed by malware researchers, is to have backup copies of all data, stored either on the cloud or on an external memory device. File backups, coupled with a security suite that is fully up-to-date, can help computer users stay safe from the DataWait Ransomware and similar threats.