Threat Database Ransomware WannaOof Ransomware

WannaOof Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: May 14, 2019
Last Seen: May 15, 2019
OS(es) Affected: Windows

A brand new file-locking Trojan has emerged online recently. It is called the WannaOof Ransomware. Ransomware threats are growing in popularity among cybercriminals worldwide, and many are quick to try their luck in extorting money from unsuspecting strangers online. Some more skilled cyber crooks even offer their ransomware as a service, where you can pay to use their creation and make cash, which means that even a person who is not tech-savvy can be a cybercriminal.

The WannaOof Ransomware is largely believed to be spreading around via spam email, pirated content and faux updates. When it infects your computer, the WannaOof Ransomware would start a scan and find the file types it was programmed to lock. The next step is the encryption process. The WannaOof Ransomware applies its own extension to the files it has encrypted. The extension is what gave the WannaOof Ransomware its name - '.oof.' This means that a file you had given the name 'hand-cream.png' previously would have the WannaOof Ransomware extension added to it and would be called 'hand-cream.png.oof' after the attack has taken place. It is likely that the name of the extension was inspired by a meme that got very popular in 2018 – the Roblox (video game) death sound. The creators of the WannaOof Ransomware state that they want 0.02 Bitcoin (approximately $107, at the time of writing this article) in exchange for the decryption key. There is also a 24-hour timer counting down the time you have left until your data is lost forever, or so the attackers promise. They also go on to warn the victims that if they try to decrypt the files themselves, remove the threat, or modify the data in any way all of it will be 'irretrievable.' However, it is unconfirmed whether this is the case or not. Unlike with most file-locking Trojans, the WannaOof Ransomware does not provide the users with an email address where they would contact the authors of the threat and potentially arrange the payment. Furthermore, the attackers fail to give the victim a valid Bitcoin address too, making it impossible even to pay the ransom fee demanded.

This leads experts to believe that the WannaOof Ransomware is either meant to be a joke, however mean-spirited it may be or an unfinished project. Either way, your best option is to trust a reputable anti-malware application to wipe your PC clean of the WannaOof Ransomware and then, if you wish, try to retrieve some of the files locked using a third-party data recovery application.

Trending

Most Viewed

Loading...