Wal Ransomware

File-locking Trojan threats seem to be popping like mushrooms these days with one of the latest ones detected being the Wal Ransomware. This is not surprising, however. Ransomware threats offer criminals a way to make a quick buck, and if they play their cards right there is a low chance for them ever to get caught, and unfortunately, there will always be people whose moral compass, or lack of such, would allow them to engage in such activities.

Upon inspection conducted by malware researchers, it was established that the Wal Ransomware is a variant of the infamous Dharma Ransomware. It is believed that its propagation is done via the usual methods of spamming unsuspecting users with emails that have an attached infected file, tricking them into clicking on a faux update notification or pirated software. If you are among the unlucky ones that have given the Wal Ransomware access to their system you would see that after performing a quick scan to identify the files it is targeting, the Wal Ransomware will begin locking your data immediately. After going through the encryption process, your files will be left unusable. The Wal Ransomware was given its name because upon encryption this file-locking Trojan would add the '.wal' extension to the affected files. For example, if you had a file named 'small-zebra.jpg,' the Wal Ransomware would change it to 'small-zebra.jpg.wal.' Having completed this step of the attack, the Wal Ransomware would drop a ransom note that is likely to be called 'FILES ENCRYPTED.txt' as this name is often used by variants of the Dharma Ransomware. There is no specified sum that the authors of the Wal Ransomware demand but they give the victim an email address where they could potentially be contacted – decryptdocs@protonmail.com.

We strongly recommend you not to engage with cybercriminals like the creators of the Wal Ransomware. They will likely lie to you and trick you out of a significant sum of money. A good approach in this sticky situation is to install a legitimate anti-spyware suite and wipe your computer clean. Also, you can attempt to retrieve some of the data locked by the Wal Ransomware using a third-party file recovery software, but this is likely to have limited success.