WannabeHappy Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 4
First Seen: October 27, 2017
Last Seen: January 9, 2019
OS(es) Affected: Windows

The WannabeHappy Ransomware carries out typical encryption ransomware Trojan attacks on its victims. The WannabeHappy Ransomware was first reported on October 26, 2017. The WannabeHappy Ransomware delivers its ransom messages in English and seems to be delivered mainly through corrupted attachments in spam email messages that mimic legitimate messages from known senders such as Amazon or PayPal. These attachments take the form of Microsoft Word or PDF files with corrupted macros; when they are opened with macros enabled, they download and install the WannabeHappy Ransomware on the victim's computer. Computer users should take preventive measures against threats like the WannabeHappy Ransomware, which may include disabling macros in their office suite.

The WannabeHappy Ransomware Targets Various File Types

The WannabeHappy Ransomware's name seems to imply some relationship with the infamous WannaCry Ransomware Trojan released in May 2017. However, it seems that there is no real connection between the two. The WannabeHappy Ransomware is designed to encrypt the user-generated files while leaving the Windows operating system intact. This happens because the WannabeHappy Ransomware and similar threats need the victim to be able to use Windows to read a ransom note and pay the ransom. The WannabeHappy Ransomware will try to encrypt the files that may be important to the victim, ranging from media files to databases and documents of various types in its attack. The WannabeHappy Ransomware often targets the file types listed below:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The WannabeHappy Ransomware will take several minutes encrypting the victim's files, depending on the amount of data targeted in the attack. The WannabeHappy Ransomware will work in the background without alerting the victims that their data is being encrypted. The WannabeHappy Ransomware runs as 'Cryptor.exe' on the victim's computer.
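The following is an added example, not code from the original article or from any vendor tool: detection logic run over constructed process-creation events, flagging the 'Cryptor.exe' image name and, as an assumption drawn from the attachment-based delivery described earlier, executables spawned by a Word or PDF handler. The event field names, hosts, paths and the `DOC_PARENTS` set are hypothetical.

```python
import json
from pathlib import PureWindowsPath

KNOWN_IMAGE = "cryptor.exe"  # process name reported in the write-up
# Assumption: programs that open the Word/PDF attachments described above.
DOC_PARENTS = {"winword.exe", "acrord32.exe"}

# Constructed sample events; field names are hypothetical, not a real log schema.
SAMPLE_LOG = r'''
{"host":"WS-01","image":"C:\\Users\\alice\\AppData\\Local\\Temp\\Cryptor.exe","parent":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"host":"WS-02","image":"C:\\Windows\\System32\\notepad.exe","parent":"C:\\Windows\\explorer.exe"}
{"host":"WS-03","image":"D:\\tools\\CRYPTOR.EXE","parent":"C:\\Windows\\explorer.exe"}
not-json, truncated record
{"host":"WS-04","image":"C:\\Users\\bob\\AppData\\Roaming\\upd.exe","parent":"C:\\Program Files (x86)\\Adobe\\Reader\\AcroRd32.exe"}
'''

def basename(path):  # lower-cased file name of a Windows path, on any host OS
    return PureWindowsPath(path or "").name.lower()

def reasons_for(event):
    """Return the list of indicators a process-creation event matches."""
    child = basename(event.get("image"))
    reasons = []
    if child == KNOWN_IMAGE:
        reasons.append("image name is Cryptor.exe")
    if basename(event.get("parent")) in DOC_PARENTS and child.endswith(".exe"):
        reasons.append("executable spawned by a document handler")
    return reasons

def triage(log_text):
    """Parse JSON-lines events; return (alerts, skipped_line_count)."""
    alerts, skipped = [], 0
    for line in filter(str.strip, log_text.splitlines()):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            skipped += 1  # counted so gaps in telemetry stay visible
            continue
        reasons = reasons_for(event)
        if reasons:
            severity = "high" if len(reasons) == 2 else "medium"
            alerts.append((event.get("host"), severity, reasons))
    return alerts, skipped

if __name__ == "__main__":
    for host, severity, why in triage(SAMPLE_LOG)[0]:
        print(f"{severity:6} {host}: {'; '.join(why)}")
```

A file name alone is weak evidence, which is why a name-only match is rated medium and only the combination with a document-handler parent is rated high.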

How the WannabeHappy Ransomware Demands Its Ransom Payment

The WannabeHappy Ransomware delivers a ransom note after encrypting the victim's files. The WannabeHappy Ransomware's ransom note is contained in a program window with a black and blue design. The WannabeHappy Ransomware ransom note includes a message that reads:

'Ooops your files have been encrypted
What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Payment
Send $500 worth of bitcoin to this address
1HgdrvvvChjyqu3K76LVurimqwRNqh1Zr9
Thank you for using wannabehappy'

The WannabeHappy Ransomware's ransom note should be ignored, and the 500 USD ransom shouldn't be paid. It is likely that the victim's data can be restored after a WannabeHappy Ransomware attack, and a decryption program may be released soon if it is not available currently. It is not typical for the con artists to help victims recover their data, and paying these ransoms allows them to continue creating and releasing these attacks. Instead, it is important to take preventive measures, including setting up backup systems so that files can be recovered after an attack.