
WanaCry4 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1,971
First Seen: August 10, 2017
Last Seen: June 10, 2023
OS(es) Affected: Windows

The WanaCry4 Ransomware is one of the many copycat ransomware Trojans that have appeared in the wake of the WannaCrypt0r or WannaCry Ransomware. WannaCry appeared in May 2017 and was responsible for thousands of infections around the world, gaining significant media attention. Since its release, criminals have released numerous malware infections designed to mimic its attack, in an attempt to make victims believe that their computer was infected by this high-profile ransomware. Although the WanaCry4 Ransomware is not related to the infamous WannaCry, it is capable of carrying out an effective ransomware attack, making the victim's data completely unusable. Because of this, computer users should safeguard their data by taking precautions against ransomware Trojans such as the WanaCry4 Ransomware, which are becoming ever more common thanks to the availability of open source ransomware engines, RaaS outlets (Ransomware as a Service), and various other factors.

Another Ransomware that Makes You 'WanaCry'

The WanaCry4 Ransomware is most commonly distributed through spam email messages. Victims receive the WanaCry4 Ransomware Trojan as a spam email attachment containing malicious macro scripts that download and install the WanaCry4 Ransomware onto the victim's computer. The WanaCry4 Ransomware is part of a wave of ransomware Trojans released in July and August 2017 that were designed to mimic WannaCry and were often based on Hidden Tear or other open source ransomware engines. To date, it is not certain whether there is a connection between these or if they were released by separate groups. The WanaCry4 Ransomware itself is based on CryptoWire, a well-known encryption ransomware Trojan family that first appeared in October 2016.

How the WanaCry4 Ransomware Carries out Its Attack

Once the WanaCry4 Ransomware has been installed on the victim's computer, it connects to its Command and Control server to transmit information about the infected computer and receive data connected to the attack. The WanaCry4 Ransomware will scan the victim's computer for files with certain extensions, looking for Microsoft Office documents, images, audio, video, and files with other commonly used file extensions. The WanaCry4 Ransomware uses AES-256 encryption to make the victim's files inaccessible, appending the file extension '.encrypted' to the end of each affected file's name. Once the victim's files are encrypted, the WanaCry4 Ransomware demands that the victim communicate with the con artists using the email address 'shadowbroker_1@protonmail.com' to negotiate the payment required for the decryption key needed to recover the affected files. The people responsible for the WanaCry4 Ransomware demand a ransom payment of 1000 USD, to be paid in Bitcoins. The victims are given 72 hours to pay, and the attackers claim that the files will be lost permanently if the ransom fee is not paid within that time.
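
The renaming behavior described above (the '.encrypted' extension appended to many files in quick succession) is something a defender can alert on. The following is an added example, not code from this page or from any vendor: the file-event log format, the threshold, and the time window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extension this page reports for files encrypted by WanaCry4.
MARKER_EXT = ".encrypted"

# Assumed (hypothetical) event format:
#   "<ISO time> RENAME pid=<n> <old path> -> <new path>"
EVENT_RE = re.compile(r"^(\S+) RENAME pid=(\d+) (.+) -> (.+)$")

def parse_event(line):
    """Return (time, pid, old, new), or None for lines that do not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, pid, old, new = m.groups()
    return datetime.fromisoformat(ts), int(pid), old, new

def is_marker_rename(old, new):
    """True when the new name is the old name with the marker appended."""
    return new.lower() == old.lower() + MARKER_EXT

def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {pid: first alert time} for processes that append the marker
    extension to at least `threshold` files within `window`."""
    recent = defaultdict(deque)  # pid -> timestamps of marker renames
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None or not is_marker_rename(event[2], event[3]):
            continue
        ts, pid = event[0], event[1]
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > window:  # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and pid not in alerts:
            alerts[pid] = ts
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE = [
    "2017-08-10T09:00:00 RENAME pid=812 C:\\Users\\a\\notes.txt -> C:\\Users\\a\\notes-old.txt",
] + [
    f"2017-08-10T09:00:0{i} RENAME pid=4120 C:\\Users\\a\\doc{i}.docx -> C:\\Users\\a\\doc{i}.docx.encrypted"
    for i in range(1, 7)
] + ["2017-08-10T09:05:00 RENAME pid=812 C:\\Users\\a\\one.pdf -> C:\\Users\\a\\one.pdf.encrypted"]

if __name__ == "__main__":
    for pid, when in find_bursts(SAMPLE).items():
        print(f"ALERT pid={pid} mass '{MARKER_EXT}' renames at {when.isoformat()}")
```

A single rename to '.encrypted' does not trigger an alert; only a burst from one process does, which keeps occasional legitimate use of that extension from raising noise.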

Dealing with a WanaCry4 Ransomware Infection

It is highly recommended not to pay the ransom that the WanaCry4 Ransomware demands, or the ransoms associated with other ransomware Trojans. There are several reasons for this:

  1. Paying the WanaCry4 Ransomware ransom allows the people responsible for the WanaCry4 Ransomware attack to continue developing and releasing threats by financing their operations.
  2. The people responsible for Trojans like the WanaCry4 Ransomware will rarely keep their promise to deliver the decryption key. They are just as likely to ignore the victim or to demand a higher ransom payment.
  3. Paying the WanaCry4 Ransomware ransom shows a willingness and ability to pay these ransoms, marking the victim as a likely target for future attacks.

The best protection against ransomware Trojans like the WanaCry4 Ransomware is to have a reliable backup system in the cloud, on an unmapped drive, or on an external memory device. Having the ability to recover the affected files from a backup invalidates the attack, since there is no longer any need to pay the ransom.
