WannaCry 3.0 Ransomware

WannaCry 3.0 is a ransomware program presented as a new variant of the infamous WannaCry Ransomware. Impersonator programs of this type often leverage the notoriety of the original malware. WannaCry 3.0 is actually based on the open-source, Python-based Crypter ransomware.

Ransomware falls under the category of malware designed to encrypt data and demand payment for decryption. WannaCry 3.0 successfully encrypts files on the breached machines. It modifies the filenames by appending a '.wncry' extension, which is also used by the real WannaCry ransomware. For instance, a file originally named '1.doc' appeared as '1.doc.wncry,' '2.png' as '2.png.wncry,' and so on. Moreover, the malicious program has also been confirmed to delete Volume Shadow Copies to hinder data recovery.

After encrypting the files, WannaCry 3.0 makes additional changes to the compromised systems. It alters the desktop wallpaper and creates a pop-up window, both of which contain ransom notes, providing instructions on how victims can pay a ransom to the cybercriminals. It is important to note that the WannaCry 3.0 ransomware has been observed being distributed through deceptive video game installation setups.

WannaCry 3.0 Ransomware Locks a Wide Range of Different File Types

Victims will encounter a message displayed on the desktop wallpaper, notifying them that their files have been encrypted. The message includes instructions on how to access further information if the ransomware's pop-up window is blocked or inaccessible.

The pop-up window itself reveals that the encrypted files have been secured using the AES-256 cryptographic algorithm, and the decryption key required to restore the affected data is exclusively held by the attackers.

To regain access to their files, victims are given a three-day ultimatum to contact the cyber criminals and make the demanded ransom payment. Failure to comply within the specified time frame will result in the deletion of the decryption key, effectively causing permanent loss of the victim's data. The ransom note strongly advises against attempting to remove the ransomware or utilizing an antivirus program, as such actions would render the files permanently undecryptable.

In most cases, decryption of the affected files is only possible with the involvement of the attackers. Exceptions to this occur only when the ransomware itself has significant flaws.

It is important to note that even if the ransom demands are met, victims frequently do not receive the promised decryption keys or tools. As a result, it is strongly recommended not to pay the ransom, as data recovery is not guaranteed, and the act of paying supports the criminal activities of the attackers.

Removing the WannaCry 3.0 ransomware from the operating system will prevent it from encrypting additional files in the future. However, it is crucial to understand that the removal of the ransomware will not restore the data that has already been affected and encrypted.
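Because removal does not restore data, responders usually need to scope what was encrypted before restoring from backup. The following added example (not part of the original page) walks a directory tree, lists files carrying the appended '.wncry' extension, recovers their original names, and flags the executable named in the desktop message quoted later on this page. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".wncry"                        # extension named on this page
NAMED_EXECUTABLE = "enlisted_beta-v1.0.3.109.exe"  # name quoted in the desktop message

def triage(root):
    """Walk root and summarise the WannaCry 3.0 indicators described on this page."""
    encrypted, executables = [], []
    by_type, by_dir = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NAMED_EXECUTABLE:
                executables.append(str(path))
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # '1.doc.wncry' -> '1.doc'
                by_type[Path(original).suffix.lower() or "(none)"] += 1
                by_dir[dirpath] += 1
                encrypted.append((str(path), original, path.stat().st_mtime))
    times = [mtime for _p, _o, mtime in encrypted]
    return {
        "encrypted": sorted(p for p, _o, _m in encrypted),
        "originals": sorted(o for _p, o, _m in encrypted),
        "by_type": dict(by_type),    # which kinds of data were hit
        "by_dir": dict(by_dir),      # where the damage is concentrated
        "window": (min(times), max(times)) if times else None,  # rough mtime range
        "executables": executables,  # candidates to quarantine and analyse
    }

def build_sample_tree():
    """Constructed sample tree (empty files) standing in for an affected profile."""
    root = Path(tempfile.mkdtemp(prefix="wncry_triage_"))
    for rel in ("Documents/1.doc.wncry", "Documents/notes.txt",
                "Pictures/2.png.wncry", "Pictures/3.PNG.WNCRY",
                "Downloads/enlisted_beta-v1.0.3.109.exe"):
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
    return root

if __name__ == "__main__":
    report = triage(build_sample_tree())
    print(report["by_type"], report["executables"])
```

The list of original names can be compared against a backup catalogue to decide what to restore, and the modification-time window helps narrow the period to review in other logs.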

Users Should Take the Security of Their Devices and Data Seriously

Ensuring the security of data and devices from ransomware threats requires a comprehensive approach that involves various measures. Users can adopt a multi-layered strategy to safeguard their valuable information effectively.

First and foremost, maintaining up-to-date security software is crucial. Installing reputable anti-malware software with real-time scanning capabilities provides an initial defense against ransomware attacks. Regularly updating these security tools ensures they can detect and mitigate emerging threats effectively.

Practicing safe browsing habits is another fundamental aspect of protecting against ransomware. Users should exercise caution when clicking on suspicious links, downloading files from untrusted sources, or visiting potentially risky websites. Educating oneself about common phishing techniques and being vigilant about email attachments or links can significantly reduce the risk of ransomware infiltration.

Regularly backing up data is an essential precautionary measure. Creating multiple backups, both locally and in the cloud, ensures that even if data is encrypted by ransomware, a clean copy can be restored. It is important to verify the integrity and accessibility of backups periodically to ensure their effectiveness in case of an attack.

Strong and unique passwords play a significant role in defending against ransomware attacks. Users should utilize complex passwords or passphrases and avoid reusing them across different accounts. Implementing two-factor authentication (2FA) whenever available adds an extra layer of protection to prevent unauthorized access.

Regularly educating oneself about the evolving ransomware landscape and staying informed about the latest threats is vital. Being aware of common attack vectors and techniques employed by ransomware perpetrators can enhance one's ability to recognize and respond to potential threats effectively.

Overall, a holistic approach that combines robust security software, safe browsing practices, regular data backups, timely software updates, strong authentication methods, and user awareness can significantly enhance the security of data and devices against ransomware threats.

The full text of the ransom note shown to the victims of WannaCry 3.0 Ransomware is:

 WannaCry 3.0

YOUR FILES HAVE BEEN ENCRYPTED !

 Contact our Bot in Telegram: wncry_support_bot

 What Happened to My Computer?

 The important files on your computer have been encrypted with military grade AES-256 bit encryption.

Your documents, videos, images and other forms of data are now inaccessible, and cannot be unlocked without the decryption key.

This key is currently being stored on a remote server.

 To acquire this key, contact our Telegram Bot: wncry_support_bot, and transfer the decryption fee to the specified wallet address before the time runs out.

If you fail to take action within this time window, the decryption key will be destroyed and access to your files will be permanently lost.

Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

 Can I Recover My Files?

 Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.

But if you want to decrypt all your files, you have to pay.

You only have 3 days to submit the payment.

If you don't manage to pay in 3 days, you won't be able to recover your files forever.

 How Do I Pay?

 Contact our Bot in Telegram: wncry_support_bot

 WE STRONGLY RECOMMEND YOU TO NOT REMOVE THIS SOFTWARE, AND DISABLE YOUR ANTIVIRUS FOR A WHILE, UNTIL YOU PAY AND THE PAYMENT GETS PROCESSED.

IF YOUR ANTIVIRUS GETS UPDATED AND REMOVES THIS SOFTWARE AUTOMATICALLY, IT WILL NOT BE ABLE TO RECOVER YOUR FILES EVEN IF YOU PAY!

 The desktop message of the WannaCry 3.0 Ransomware is:

 Ooops, your important files are encrypted.

 If you see this text, but don't see the "WannaCry 3.0" window then your antivirus removed the decrypt software or you deleted it from your computer.

 If you need your files you have to run the decrypt software.

 Please find an application file named "enlisted_beta-v1.0.3.109.exe" in any folder or restore from the antivirus quarantine.

 Run and follow the instructions!
