SanwaiWARE Ransomware

The SanwaiWARE Ransomware is a threat designed to lock the victim's files and render them unusable specifically. The threat employs a strong encryption process to ensure that the locked files cannot be easily restored without the necessary decryption key. While most other threats of this type mark the files they affect by appending new file extensions to their original names, the SanwaiWARE Ransomware uses a different approach. It substitutes the original file extensions with either '.sanwai15' or '.sanwai16' completely. Both can be used on the same compromised system. When it completes its encryption process, the threat delivers a ransom note message displayed as a pop-up window and contained inside a text file named 'IMPORTANT.txt.'

Ransom Note's Details

The text in both places is identical. It informs the victims of the threat that to get the decryption tool from the attackers, they will have to pay a specific ransom. The note even tells the exact sum that will have to be transferred to the provided crypto-wallet address - 0.002664 BITCOIN. The Bitcoin cryptocurrency is notorious for its volatility so the equivalent sum in dollars may change in the future. However, at the moment, it is $153 approximately. The SanwaiWARE Ransomware hackers threaten that if they do not receive the money within 48 hours of the ransomware infection, all encrypted data will be lost.

The full text of the note is:

'sanwaiWare 2021
Your files have been encrypted.

PAYMENT
Send 0.002664 BITCOIN to

-
AFTER PAYMENT
Once you have sent payment, open the Decryptor on your Desktop.
Attempting to reverse will result in your files being lost forever.

PAYMENT NOTICE
You have (48) hours from initial notice to make payment.
If payment is not made within the time frame, your files will be deleted.'