WannaOof Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 1 |
First Seen: | May 14, 2019 |
Last Seen: | May 15, 2019 |
OS(es) Affected: | Windows |
A brand new file-locking Trojan has emerged online recently. It is called the WannaOof Ransomware. Ransomware threats are growing in popularity among cybercriminals worldwide, and many are quick to try their luck in extorting money from unsuspecting strangers online. Some more skilled cyber crooks even offer their ransomware as a service, where you can pay to use their creation and make cash, which means that even a person who is not tech-savvy can be a cybercriminal.
The WannaOof Ransomware is largely believed to be spreading around via spam email, pirated content and faux updates. When it infects your computer, the WannaOof Ransomware would start a scan and find the file types it was programmed to lock. The next step is the encryption process. The WannaOof Ransomware applies its own extension to the files it has encrypted. The extension is what gave the WannaOof Ransomware its name - '.oof.' This means that a file you had given the name 'hand-cream.png' previously would have the WannaOof Ransomware extension added to it and would be called 'hand-cream.png.oof' after the attack has taken place. It is likely that the name of the extension was inspired by a meme that got very popular in 2018 – the Roblox (video game) death sound. The creators of the WannaOof Ransomware state that they want 0.02 Bitcoin (approximately $107, at the time of writing this article) in exchange for the decryption key. There is also a 24-hour timer counting down the time you have left until your data is lost forever, or so the attackers promise. They also go on to warn the victims that if they try to decrypt the files themselves, remove the threat, or modify the data in any way all of it will be 'irretrievable.' However, it is unconfirmed whether this is the case or not. Unlike with most file-locking Trojans, the WannaOof Ransomware does not provide the users with an email address where they would contact the authors of the threat and potentially arrange the payment. Furthermore, the attackers fail to give the victim a valid Bitcoin address too, making it impossible even to pay the ransom fee demanded.
This leads experts to believe that the WannaOof Ransomware is either meant to be a joke, however mean-spirited it may be or an unfinished project. Either way, your best option is to trust a reputable anti-malware application to wipe your PC clean of the WannaOof Ransomware and then, if you wish, try to retrieve some of the files locked using a third-party data recovery application.