Threat Database Ransomware Wanna Dead Ransomware

Wanna Dead Ransomware

By CagedTech in Ransomware

There are countless ransomware threats circulating the Internet, and new ones are emerging daily. The Wanna Dead Ransomware is one of these brand-new data-locking Trojans. When security experts studied this threat, they found out that the Wanna Dead Ransomware is a variant of the very popular Hidden Tear Ransomware.

Does not Attack Iranian Computers

An interesting characteristic of the Wanna Dead Ransomware is that it is programmed to check whether the compromised system’s language is set to Persian or the Time Zone is set to Iran. In case it is, the Wanna Dead Ransomware will halt the attack. It is likely that this threat may originate from Iran and its authors have decided to spare their fellow countrymen in a strangely expressed act of patriotism.

Infecting a System

It is not disclosed what is the exact infection vector involved in the propagating of the Wanna Dead Ransomware. Emails containing macro-laced attachments, fraudulent software updates, and infected pirated application may be among the propagation methods used by the authors of the Wanna Dead Ransomware to spread their creation. The Wanna Dead Ransomware will perform a scan as soon as it infiltrates a system. The goal is to locate the files, which will be targeted for locking. Next is the encryption process. The Wanna Dead Ransomware applies a new extension to all the newly locked files – ‘.locked.’ This means that an audio file originally named ‘summer-storm.mp3’ will be renamed to ‘summer-storm.mp3.locked’ when the Wanna Dead Ransomware encrypts it.

The Ransom Note

The next phase is the dropping of the ransom note. The Wanna Dead Ransomware’s note is called ‘READ_IT.txt.’ In it, the attackers ask for 0.035 Bitcoin (approximately $410 at the time of writing this post) and give out their Bitcoin wallet address. They also provide the users with an email where they can contact the attackers – ‘’ To prove that they can unlock the encrypted data, the authors of the Wanna Dead Ransomware offer to decrypt one file cost-free, as long as it is smaller than 1MB in size and does not contain important information.

Do not fall for the often-empty promises of cybercriminals. It is better to ignore them and instead download and install a legitimate anti-malware software tool, which will clear the Wanna Dead Ransomware of your computer. Then, you can attempt to recover some of the locked files via third-party data-recovery software.


Most Viewed