Waffle Ransomware

By GoldSparrow in Ransomware

The Waffle Ransomware is an original Trojan that is categorized as a crypto-threat. It is aimed at English-speaking users and uses cryptographic algorithms to alter the targeted data, so the user needs a decryptor to regain access to it. Trojans such as the Skull HT Ransomware and the Pennywise Ransomware do not remove, add or collect data; they simply transform the saved user-generated content and offer the user a way to regain access to the encrypted materials. The Waffle Ransomware developers, like many others, take the same approach. The distribution technique is not different either: spam emails are delivered to users, and an attached Microsoft Word document is presented as an official message from a trusted entity.

Once the user opens the attached file, a macro script is executed in the background and the Waffle Ransomware is installed to the Temp folder with administrative privileges. The Waffle Ransomware Trojan is loaded into memory and the encryption process is initiated. The encryption engine is reported to be listed in the Task Manager as 'Waffle.exe', and it may run for more than half an hour depending on the volume of the targeted data. Trojans that belong to the same tier of crypto-threats as the Waffle Ransomware are known to target the following file types:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The files that have been encrypted by the Waffle Ransomware feature the '.waffle' extension, which is appended to the original file name. For example, 'Haversian canals.docx' is renamed to 'Haversian canals.docx.waffle'. The cybercrooks behind the Waffle Ransomware are known to request a payment of 50 USD worth of Bitcoin (0.00697 BTC) for the decryption program. The ransom request is presented as a program window titled 'Waffle', which shows the following text:

'Hello you have been infected by Waffle Ransomware
This is not a joke if you shut off your PC your files will be deleted. You must pay 50$ USD bitcoin and you will recieve a key and your files will be unencrypted.
Our bitcoin address is:158mxePDNmy2nuf44XXadd7rW5WxePAWGX
You have 24 hours.'

Computer security analysts note that it is safe to reboot infected machines, but you will need to purge the Waffle Ransomware using a credible anti-malware utility. Recovering the encrypted files may be tricky, since the threat is reported to delete the native backups made by Windows. Therefore, you will need backups made with a third-party solution. AV companies have added rules to detect the Waffle Ransomware versions, and security alerts related to the threat may feature the following detection names:

  • Mal/Generic-S
  • Ransom_WAFFLE.A
  • Trojan-Ransom.Win32.Gen.fwo
  • Trojan.GenericKD.12535414
  • Trojan.Ransom.Waffle
  • Trojan.Win32.Ransom.816128
  • W32/Trojan.SW.gen!Eldorado
  • Win.Trojan.Agent-6365665-0

File System Details

Waffle Ransomware may create the following file(s):
#    File Name    MD5                                 Detections
1.   file.exe     a6797f7fa0eedd453245484931849e19    0
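
The indicators given on this page (the appended '.waffle' extension, the 'Waffle.exe' process name and the MD5 of file.exe) can be checked across a folder tree with a short triage script. This is an added example, not part of the original article; the function names and the sample tree it builds are constructed for illustration.

```python
import hashlib, os, sys, tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".waffle"                       # appended extension (from this page)
KNOWN_MD5 = {"a6797f7fa0eedd453245484931849e19"}   # MD5 of file.exe (from this page)
SUSPECT_NAMES = {"waffle.exe"}                     # Task Manager name (from this page)

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(root, known_md5=KNOWN_MD5):
    """Return (encrypted, suspects): renamed files and matching .exe files under root."""
    encrypted, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, lower = Path(dirpath) / name, name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append((path, name[: -len(ENCRYPTED_SUFFIX)]))
            elif lower.endswith(".exe"):
                try:
                    hit = "md5" if md5_of(path) in known_md5 else None
                except OSError:
                    hit = None  # locked or unreadable file: fall back to the name check
                if hit or lower in SUSPECT_NAMES:
                    suspects.append((path, hit or "name"))
    return encrypted, suspects

def build_sample(root):
    """Constructed sample tree with harmless placeholder bytes."""
    root = Path(root)
    (root / "Temp").mkdir(parents=True, exist_ok=True)
    (root / "Haversian canals.docx.waffle").write_bytes(b"constructed")
    (root / "notes.txt").write_bytes(b"untouched")
    (root / "Temp" / "Waffle.exe").write_bytes(b"constructed placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        if len(sys.argv) < 2:
            build_sample(tmp)  # no path given: scan the constructed sample
        encrypted, suspects = triage(sys.argv[1] if len(sys.argv) > 1 else tmp)
        for path, original in encrypted:
            print(f"encrypted: {path} (was {original!r})")
        for path, reason in suspects:
            print(f"suspect ({reason}): {path}")
```

A name match alone is a weak signal, since any file can be called Waffle.exe; the MD5 match identifies only the exact sample listed in the table above.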
