WanaCray2023+ Ransomware

WanaCray2023+ Ransomware Description

The WanaCray2023+ malware belongs to the group of threats created specifically to lock the data of their victims. Known as ransomware threats, they utilize strong cryptographic algorithms to ensure that the encrypted data is impossible to restore without assistance from the threat actors. The goal of the vast majority of ransomware operators is to extort their victims for money.

When the WanaCray2023+ Ransomware is activated on an infected system, it will affect most of the file types stored there. The threat will append a new file extension ('.WanaCray2023+') to each encrypted file. Further changes that the malware makes to the system include changing the current desktop background image, creating a text file named 'HOW TO DECRYPT FILES.txt' and opening a pop-up window named 'Error.'
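The file-system artifacts described above can be checked for with a read-only triage scan. The following is an added example, not code from the original page or from any vendor tool; the function names, the case-insensitive matching and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".WanaCray2023+"
RANSOM_NOTE_NAME = "HOW TO DECRYPT FILES.txt"


def scan_for_indicators(root):
    """Walk `root` and report, per directory, files carrying the appended
    extension and any ransom note. Read-only: nothing is modified."""
    findings = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lowered = name.lower()  # assumption: match case-insensitively
            if lowered.endswith(ENCRYPTED_SUFFIX.lower()):
                # The extension is appended, so stripping it gives the
                # pre-encryption file name (useful for backup matching).
                original = name[: -len(ENCRYPTED_SUFFIX)]
                findings[dirpath]["encrypted"].append((name, original))
            elif lowered == RANSOM_NOTE_NAME.lower():
                findings[dirpath]["notes"].append(name)
    return dict(findings)


def summarize(findings):
    """Return (encrypted_file_count, ransom_note_count, affected_dirs)."""
    enc = sum(len(v["encrypted"]) for v in findings.values())
    notes = sum(len(v["notes"]) for v in findings.values())
    return enc, notes, sorted(findings)


def build_constructed_sample(root):
    """Create a small constructed directory tree for demonstration only."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.WanaCray2023+", "photo.JPG.wanacray2023+",
                 "untouched.txt", RANSOM_NOTE_NAME):
        with open(os.path.join(docs, name), "w") as fh:
            fh.write("constructed sample")
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(summarize(scan_for_indicators(tmp)))
```

The per-directory list of original file names can be compared against backups to scope what needs restoring.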

Ransom Note's Details

Both the text file and the pop-up window contain a ransom note with instructions for the WanaCray2023+ Ransomware victims. The message in both places is identical and written entirely in Czech, without any translation to other languages. Typically, this would signal that the operators of the threat are primarily focused on infecting users from that specific country.

According to a rough translation of the ransom-demanding message, the cybercriminals demand a ransom of exactly 6000 Czech korunas, which is worth approximately $25. However, the money will only be accepted if it is transferred as Bitcoin to the provided crypto-wallet address.

To further pressure their victims, the hackers behind the WanaCray2023+ Ransomware borrow tactics from what are known as sextortion schemes. The cybercriminals claim to have infected the user's device with a RAT (Remote Access Trojan) that has allowed them to make compromising videos. The ransom note also claims that sensitive and confidential data has been collected from the breached device and is now available to the attackers. Both ransom notes end with an incomplete email address - 'decryptmypc@onionmail.'

The full text of the messages left by WanaCray2023+ Ransomware in the original Czech language is:

'ytvořil jsem video se dvěma obrazovkami. První část ukazuje video, které jste sledoval (máte dobrý vkus, haha …), a druhá část zobrazuje záznam z Vaší webové kamery. Můžete skenovat počítač nebo cokoliv jiného. (Všechna data jsou již nahrána na vzdálený server.) A vaše zašifrována všechna . 6000 Kč je spravedlivá cena za naše malé tajemství. Zaplatíte přes Bitcoin Do vašeho přístroje jsme nainstalovali jeden software RAT. Pro tento okamžik je váš emailový účet napaden (viz , nyní mám přístup k vašim účtům).. Stahoval jsem všechny důvěrné informace z vašeho systému a dostal jsem další důkazy. Nejzajímavějším okamžikem, který jsem objevil, jsou videozáznamy o vás masturbující. BTC PENEZENKA_ 133bBk9oqt5W9A8WuA1RPW8JtLYdSDkZcQ Zveřejnil jsem virus na pornografickém webu, a pak jste jej nainstalovali do svého operačního systému. Po klepnutí na tlačítko Přehrát na porno video, v tom okamžiku byl můj trojan stažen do vašeho zařízení. Po instalaci vám přední fotoaparát natáčí video. Kontakt decryptmypc@onionmail'