Wannacry666 Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: January 19, 2011
Last Seen: September 29, 2020
OS(es) Affected: Windows

In its own words, the Wannacry666 Ransomware uses a "military-grade encryption algorithm" to lock users out of their files. The hackers behind the threat then demand money in exchange for the decryption key in their possession. The Wannacry666 Ransomware is one of the latest additions to the Xorist Ransomware family of malware threats.

The Wannacry666 Ransomware appends '.wannacry666' as a brand new extension to the original filename of every successfully encrypted file. In addition, a text file with instructions from the criminals will be dropped in all folders containing locked data. The name used for the text files is a seemingly random sequence of letters.

Victims of the Wannacry666 Ransomware are told that the decryption key necessary for the restoration of the encrypted files can only be purchased on the darknet. To access the sites, victims are instructed to download the TOR browser and are provided with two URL addresses. Once there, affected users have to input the specific decryption code.

Victims of ransomware attacks are strongly advised not only to refrain from sending any money to the criminals but also to avoid initiating communication with them at all. Instead, the compromised computer system should be cleaned with a professional anti-malware program in order to prevent any further encryption of files. Only after that should a suitable backup be used to restore the locked files.

The full text of the Wannacry666 Ransomware's note is:

'You became victim of the NOTEMANNACRY RANSOMWARE!

The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to

restore your data without a special key. You can purchase this key on the darknet page shown in step 2.

To purchase your key and restore your data, please follow these three easy steps:

1. Download the Tor Browser at "hxxps://www.torproject.org/". If you need

help, please google for "access onion page".

2. Visit one of the following pages with the Tor Browser:

hxxp://mischapuk6hyrn72.onion/9PYdop

hxxp://mischa5xyix2mrhd.onion/9PYdop

3. Enter your personal decryption code there:'

As outlined in the ransom note, the cryptovirus uses military-grade encryption algorithms to prevent users from accessing their files. The data can only be decrypted using a key purchased from the hackers on the darknet via a website that can only be accessed through the Tor browser.

Unfortunately, there is currently no third-party tool that can decrypt files affected by Wannacry666. Security researchers are sometimes able to create a public decryption key, but have been unable to do so for this particular ransomware. Only the cybercriminals behind the attack have the decryption key the victim needs. With that said, it is recommended that you never pay the ransom fee. There is no guarantee that you will get the decryption tools you are promised, or that they will even work.

The only safe and effective way to get your data back would be to use a data recovery tool or external backup. Please note that you should first take steps to remove the ransomware from your computer before attempting to restore data. This way, you can be sure that the data won’t get infected again and you can safely use your computer without worry.
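To scope the damage before restoring from backup, the added example below (not from the original page or from any vendor tool) walks a directory tree and lists files carrying the '.wannacry666' extension together with small text files that contain phrases from the ransom note quoted above. It assumes the note is a .txt file in UTF-8 or UTF-16; the function names and the sample folder and file names in demo() are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".wannacry666"  # extension named on this page
# Phrases copied from the ransom note quoted on this page
NOTE_MARKERS = ("personal decryption code",
                "mischapuk6hyrn72.onion", "mischa5xyix2mrhd.onion")

def looks_like_note(path, max_bytes=64 * 1024):
    """True if a small file contains a phrase from the quoted ransom note."""
    try:
        if os.path.getsize(path) > max_bytes:
            return False
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return False  # unreadable or vanished file: skip it
    # Dropping NUL bytes lets one pass match UTF-8 and UTF-16 text (assumption:
    # the page does not state the note's encoding).
    text = raw.replace(b"\x00", b"").decode("utf-8", errors="ignore").lower()
    return any(marker in text for marker in NOTE_MARKERS)

def original_name(encrypted_name):
    """Strip the appended extension to get the name to look for in backups."""
    return encrypted_name[:-len(ENCRYPTED_EXT)]

def triage(root):
    """Return {folder: {"encrypted": [...], "notes": [...]}} for affected folders."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        enc = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        notes = sorted(f for f in files if f.lower().endswith(".txt")
                       and looks_like_note(os.path.join(folder, f)))
        if enc or notes:
            report[folder] = {"encrypted": enc, "notes": notes}
    return report

def demo():
    """Triage a constructed sample tree (empty placeholder files, no malware)."""
    with tempfile.TemporaryDirectory() as root:
        docs, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
        os.makedirs(docs)
        os.makedirs(clean)
        open(os.path.join(docs, "budget.xlsx" + ENCRYPTED_EXT), "wb").close()
        with open(os.path.join(docs, "qzkvhtw.txt"), "w") as fh:  # constructed name
            fh.write("3. Enter your personal decryption code there:")
        with open(os.path.join(clean, "readme.txt"), "w") as fh:
            fh.write("ordinary text file")
        return {os.path.relpath(k, root): v for k, v in triage(root).items()}
```

Run triage() against a read-only mount or forensic copy of the affected volume, and feed original_name() of each hit into the backup catalogue to build the restore list.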