WannaCryOnClick Ransomware

The WannaCryOnClick Ransomware is a ransomware Trojan that is a copycat of WannaCry, a well-known ransomware Trojan responsible for numerous high-profile attacks in recent years. Although the WannaCryOnClick Ransomware is not as sophisticated or threatening as WannaCry, the WannaCryOnClick Ransomware is capable of carrying out an effective encryption ransomware attack and uses a ransom note that is very similar to the one used by WannaCry. Most the WannaCryOnClick Ransomware attacks are centered in Turkey. Although the WannaCryOnClick Ransomware is an effective ransomware Trojan, it seems that it is not functional completely, and the version of the WannaCryOnClick Ransomware studied by malware researchers was still under development. The WannaCryOnClick Ransomware will fail to encrypt the victim's data frequently but will display a ransom note regardless. The WannaCryOnClick Ransomware was first observed in July 2017, and it is likely that it is a version of a ransomware Trojan that is still under development.

Unveiling the WannaCryOnClick Ransomware Attack

Today, it is relatively easy to create ransomware Trojans that use an effective encryption attack (unlike a few years ago, before the open source ransomware platforms were released to the public). The con artists can base their ransomware Trojans on HiddenTear or EDA (both open source ransomware platforms) or create ransomware as part of a RaaS (Ransomware as a Service) provider. The WannaCryOnClick Ransomware seems to have been created from scratch, and because of this, it seems to have several characteristics that are still not fully functional. The WannaCryOnClick Ransomware uses a custom AES algorithm to make the victim's files inaccessible. AES, the encryption method used by the WannaCryOnClick Ransomware, is used by most encryption ransomware Trojans that are active currently. The goal of the WannaCryOnClick Ransomware is to encrypt the victim's files, targeting the user-generated files, which may include images, audio, video, spreadsheets, databases, and files associated with a large number of different file types. The WannaCryOnClick Ransomware's ultimate objective is the same as most encryption ransomware Trojans; encrypt the victim's files taking them hostage, and then demanding the payment of a large ransom in exchange for the decryption key necessary to recover the affected files.

The WannaCryOnClick Ransomware’s Ransom Demand

The WannaCryOnClick Ransomware demands an extraordinarily large ransom amount in exchange for the decryption key, $7000 USD to be paid in BitCoins (2.83280 BTC at the current exchange rate). After encrypting the victim's files, the WannaCryOnClick Ransomware will display a ransom note after encrypting the victim's files. The ransom note appears in a program window named 'Local,' which displays a text written in Turkish. Below is an English translation of the WannaCryOnClick Ransomware's ransom note:

'All data in your system is fully encrypted, including your backups. The only way to get your data back fully is to send $7,000 to the following bitcoin address. Right now we have full access to your system. We destroyed all the data you wanted. Your local and Nas servers and your terminal machines have not been damaged. We had no access to the contents of the information and documents. However, if you pay within the prescribed period, your files will be restored. If you do not pay and you do not cooperate with us, we will not stop data from going public. Once you have completed the transfer, you will have to click on the "Check Payment" button. The program will notify us. Do not interrupt the server's internet connection ... When the bitcoin transfer is successful, the button will be active.
About Bitcoin How to buy Bitcoins Contact Us [RANDOM CHARACTERS]
Check Payment Decrypt'

Dealing with the WannaCryOnClick Ransomware

Since the WannaCryOnClick Ransomware attack is not effective particularly, and many times will fail to encrypt even the victim's data, it is important to refrain from paying the absurdly large ransom amount associated with this attack. The best protection against the WannaCryOnClick Ransomware is the same as with most other encryption ransomware Trojans; the use of an effective file backup system to ensure that files can be recovered easily after an attack.