.waiting Ransomware Description
The .waiting Ransomware is a highly harmful threat that enciphers the most valuable files on a computer to justify the demand of a ransom to get the decryption ransomware necessary to recover the enciphered data. A computer user infected with the .waiting Ransomware will have a useless machine since their files were totally modified because the .waiting Ransomware has changed their names by adding the file extension '.waiting' to their names. Therefore, if you have a file named '3.notes,' it will be renamed to '3.notes.waiting' after its encryption.
The .waiting Ransomware Ransom Note
Then, the .waiting Ransomware will present the victims with its ransom demands in a ransom note named 'ReadMe.hta' that will appears in a pop-up window in any folder containing the enciphered files. The content of the ransom note informs the victims about why their files are no longer functioning, give them five days to make the ransom payment to avoid their data deletion, and ask the victims to make contact with the crooks handling the .waiting Ransomware via the email address firstname.lastname@example.org or uTox. They also create a unique Id to each victim, which should be used when contacting them so that they can identify the victim. To make the victims believe they have functional decryption software, they offer to decrypt three files for free since they do not contain crucial information and are not bigger than % MB. In the end, they warn the victims that if they try to use other decryption methods, their files will be destroyed for good.
The ransom note does not mention how much they want to receive to provide the decryption application, but you can be sure that it will not be for free. However, no matter if it is a small or a significant amount, sending money to cyber crooks is not an appropriate action, and the victims that do it probably will end up with their precious files enciphered and their bank accounts shorter.
The ransom note reads as follows:
YOUR FILES ARE ENCRYPTED
Your PC security is at risk
All your files were encrypted and important data was copied to our storage
If you do not need your files, then the private key will be deleted within 5 days
If you want to restore files and return important data, application, contact the operator and enter YOUR ID QQYKLMTP5
ID of your personal operator –
If the Operator did not respond within 24 hours or encountered any problem then send an email to our support email@example.com
In the header of the letter, indicate your ID and attach 2-3 infected files for the decryption tool
Files should not have important information and should not exceed the size of more than 5 MB
As our guarantees, we will return your files restored
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
While it’s true that you can’t access files without having them decrypted, you should never pay the ransom. The thought of losing all of your data is scary, and many will be tempted to pay out of fear alone. That’s what the attackers want. Many people who pay the ransom report not receiving their promised decryption key or – even worse – becoming the victims of even bigger scams. For your sake, it’s better not to pay the ransom at all. Losing data is nothing compared to the financial losses and identity theft that could happen if you give these people your details.
What Does .Waiting Do?
As mentioned above, the .waiting virus finds and encrypts essential files on a computer. It also drops a ransom note for victims. The ransom note explains how to get in touch with the hackers to restore data through a decryption key. The victim has to pay an extortionate amount of money – up to $1500 – to get their files restored.
Is There a Way to Restore Encrypted Data?
As mentioned above, it’s all too common for threat actors to disappear with your money. It would be best if you didn’t trust criminals to live up to their end of the bargain. The only way to restore your encrypted data would be to restore it from a backup. This is why you should always keep regular backups of your data – to prevent data loss. If you don’t have a backup, there are software programs that can help.
How Does Ransomware Spread?
There are several ways that a cryptovirus like this can infect your computer. The most common infection vectors for ransomware are malicious websites such as freeware websites and torrent websites. Ransomware also spreads through spam email campaigns.
You should pay attention while surfing the web and checking your email. Delete any suspicious emails and scrutinize any message that claims to be from an official source. Double-check the sender and the spelling and grammar of the email.
Avoid downloading software from third-party freeware sites. These websites have an open-door policy that allows for threat actors to easily upload fake software updates that install malware instead. Get your software from official sources or trusted third-party sites. This way, you can protect your computer against malware and ransomware such as the .waiting file encryption virus.