Wana Decrypt0r Trojan-Syria Editi0n Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 1 |
| First Seen: | June 19, 2017 |
| Last Seen: | September 12, 2020 |
| OS(es) Affected: | Windows |
The Trojan-Syria Editi0n Ransomware is designed to mimic the WannaCry Ransomware infection, a well-known ransomware Trojan that received substantial media attention in May of 2017. The Trojan-Syria Editi0n Ransomware claims to be a Syrian version of the WannaCry Ransomware, and it is designed to infect computers running the Windows operating system. The Trojan-Syria Editi0n Ransomware is not a WannaCry variant, and there is no relationship between the Trojan-Syria Editi0n Ransomware and that sophisticated ransomware Trojan. The Trojan-Syria Editi0n Ransomware is a variant of HiddenTear, an open source ransomware engine that has spawned countless ransomware variants since it was first made public in August of 2015. Although the Trojan-Syria Editi0n Ransomware is not designed as a variant of WannaCry, the Trojan-Syria Editi0n Ransomware is still capable of carrying out an effective ransomware attack that can compromise the computer users' files. Because of this, PC security analysts strongly advise taking precautions, especially by establishing backup systems and taking extra care when handling any spam email or email attachments or links.
How the Trojan-Syria Editi0n Ransomware Attacks a Computer
PC security analysts have detected various other ransomware Trojans trying to emulate WannaCry, which was responsible for thousands of attacks around the world and received lots of attention. There are two versions of the Trojan-Syria Editi0n Ransomware. The first one of these marks the files encrypted in the attack with the file extension '.wannacry' and seems to be an early release of the Trojan-Syria Editi0n Ransomware. The second version of the Trojan-Syria Editi0n Ransomware uses a longer extension to mark the files: '.Wana Decrypt0r Trojan-Syria Editi0n,' which is added to the end of every file name. The Trojan-Syria Editi0n Ransomware also will change the infected computer's desktop image into a pirate flag with the message 'THE INTERNET All the PIRACY, none of the SCURVY.'
Con Artists can Profit from an Attack by the Trojan-Syria Editi0n Ransomware
The Trojan-Syria Editi0n Ransomware in both versions demands the payment of $50 USD in BitCoins. Although this is not as large as the amount demanded by these threats, criminals will seldom keep their promise to provide the decryption key, instead demanding additional ransom payments or ignoring the victim altogether. Because of this, computer users should use backup copies to recover the affected files. The Trojan-Syria Editi0n Ransomware infection itself can be deleted with a reliable security program. Both versions of the Trojan-Syria Editi0n Ransomware use some variant of the following ransom note to demand payment:
'Ooops, Your Files Have Been Encrypted !!!
What Happened To My Computer?
your important files are encrypted.
many of your documents, photos, videos, and other files are no longer
accessible because they have been encrypted, maybe you are busy looking
way to recover your files, but do not waste your time, nobody can recover
your files without our decryption service.
Can I Recover My Files?
sure we guarantee that you can recover all your files safely and easily.
but you have not so enough time.
if you need to decrypt your files, yo need to pay.
you only have 3 days to submit the payment.
after that the price will be doubled or your files and computer will be destroyed
How Do I Pay?
payment is accepted in bitcoin only, for more information, click
check the current price of bitcoin and buy some bitcoin. for more information,
click
and send correct amount to the address below
after your payment, click
Send $50 Worth In Bitcoin To This Address
[BTC] button [Copy]
button [Check Payment]'
In both cases, the Trojan-Syria Editi0n Ransomware seems to encrypt a few file types. However, these are still common file types, and their loss will mean significant problems for the affected computer user. The following file types are encrypted in the Trojan-Syria Editi0n Ransomware infections:
.asp, .aspx, .bmp, .csv, .doc, .docx, .exe, .flv, .gif, .html, .jpeg, .jpg, .mdb, .mp3, .mp4, .pdf, .php, .png, .ppt, .pptx, .psd, .rar, .rtf, .sln, .txt, .xls, .xlsx, .xml, .zip.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.