Wannacry666 Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 3
First Seen: January 19, 2011
Last Seen: September 29, 2020
OS(es) Affected: Windows
In its own words, the Wannacry666 Ransomware uses a "military-grade encryption algorithm" to effectively lock users out of accessing and using their files. The hackers behind the threat then demand money in exchange for the decryption key in their possession. The Wannacry666 Ransomware is the name given to one of the latest additions to the Xorist Ransomware family of malware threats.
The Wannacry666 Ransomware appends '.wannacry666' as a brand new extension to the original filename of every successfully encrypted file. In addition, a text file with instructions from the criminals will be dropped in all folders containing locked data. The name used for the text files is a seemingly random sequence of letters.
Victims of the Wannacry666 Ransomware are told that the decryption key necessary for the restoration of the encrypted files can only be purchased on the darknet. To access the sites, victims are instructed to download the TOR browser and are provided with two URL addresses. Once there, affected users have to input the specific decryption code.
Victims of ransomware attacks are strongly advised not to send any money to the criminals and not even to initiate communication with them. Instead, the compromised computer system should be cleaned with a professional anti-malware program in order to prevent any further encryption of files. Only after that should a suitable backup be used to restore the locked files.
The full text of the Wannacry666 Ransomware's note is:
'You became victim of the NOTEMANNACRY RANSOMWARE!
The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to
restore your data without a special key. You can purchase this key on the darknet page shown in step 2.
To purchase your key and restore your data, please follow these three easy steps:
1. Download the Tor Browser at "hxxps://www.torproject.org/". If you need
help, please google for "access onion page".
2. Visit one of the following pages with the Tor Browser:
hxxp://mischapuk6hyrn72.onion/9PYdop
hxxp://mischa5xyix2mrhd.onion/9PYdop
3. Enter your personal decryption code there:'
As outlined in the ransom note, the cryptovirus uses military-grade encryption algorithms to prevent users from accessing their files. The data can only be decrypted using a key purchased from the hackers on the darknet via a website that can only be accessed through the Tor browser.
Unfortunately, there is currently no third-party tool that can decrypt files affected by Wannacry666. Security researchers are sometimes able to create a public decryption key, but have been unable to do so for this particular ransomware. Only the cybercriminals behind the attack have the decryption key the victim needs. That said, it is recommended that you never pay the ransom fee. There is no guarantee that you will get the decryption tools you are promised, or that they will even work.
The only safe and effective way to get your data back would be to use a data recovery tool or external backup. Please note that you should first take steps to remove the ransomware from your computer before attempting to restore data. This way, you can be sure that the data won’t get infected again and you can safely use your computer without worry.
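To scope the cleanup and the restore from backup, the indicators described above (the '.wannacry666' extension and a note dropped into each affected folder) can be inventoried with a short script. This is an added example, not code from the original page or from EnigmaSoft; the function names, the choice of marker phrases from the quoted note, the 64 KB size limit and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

EXT = ".wannacry666"  # extension this page says is appended to encrypted files
# Phrases copied from the ransom note quoted on this page.
NOTE_MARKERS = ("military grade encryption algorithm", "personal decryption code")

def looks_like_note(path, max_bytes=64 * 1024):
    """True if a small file holds every marker phrase (size limit is an assumption)."""
    try:
        if os.path.getsize(path) > max_bytes:
            return False
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return False
    # Dropping NUL bytes lets the same check match UTF-16 encoded notes.
    text = raw.replace(b"\x00", b"").decode("utf-8", errors="ignore").lower()
    return all(marker in text for marker in NOTE_MARKERS)

def inventory(root):
    """Map each affected folder to original names of locked files and any notes."""
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(EXT):
                # Strip the appended extension to get the name to restore.
                report[folder]["encrypted"].append(name[: -len(EXT)])
            elif looks_like_note(os.path.join(folder, name)):
                report[folder]["notes"].append(name)
    return dict(report)

def build_sample_tree(root):
    """Constructed sample data: one affected folder, one clean folder."""
    note = ("The files on your computer have been encrypted with an military grade "
            "encryption algorithm.\n3. Enter your personal decryption code there:")
    for rel, data in [("docs/report.docx.wannacry666", b"\x00\x01"),
                      ("docs/photo.JPG.WANNACRY666", b"\x02"),
                      ("docs/qzjxkvbn.txt", note.encode("utf-16")),
                      ("clean/readme.txt", b"nothing to see")]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(inventory(tmp))
```

The list of original file names per folder is what to check against the backup; folders that contain a note but no listed files still deserve a manual look.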