'.wcry File Extension' Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 80 % (High) |
Infected Computers: | 7 |
First Seen: | February 14, 2017 |
Last Seen: | October 28, 2021 |
OS(es) Affected: | Windows |
The '.wcry File Extension' Ransomware is a ransomware Trojan that is used to force computer users to pay a large ransom by taking their files hostage. The '.wcry File Extension' Ransomware will target the victim's files, encrypting them to make them inaccessible. The '.wcry File Extension' Ransomware has the capacity to encrypt more than 160 different file types during its attack. After encrypting the victim's files, the '.wcry File Extension' Ransomware displays a ransom note demanding that the victim makes a payment to recover the affected files. The '.wcry File Extension' Ransomware is distributed through corrupted file attachments delivered through spam email campaigns. Being cautious when handling unsolicited email attachments is one of the best ways to prevent the '.wcry File Extension' Ransomware from entering a computer.
The Scary Ransom Note Presented by the '.wcry File Extension' Ransomwar
There are several ways in which the '.wcry File Extension' Ransomware could be distributed to potential victims of this attack. These may include corrupted spam email messages, file sharing websites distributing corrupted files corrupted scripts on compromised websites, or even con artists hacking into the victim's computer directly, (which is not uncommon in the case of high-profile targets such as Web servers or corporate networks). Once the '.wcry File Extension' Ransomware has been installed on the victim's computer, it will encrypt the victim's files, identifying each of the encrypted files with the extension '.wcry.' During the attack, the '.wcry File Extension' Ransomware will deliver a ransom note written in English that is designed to scare computer users into paying a ransom. The text of the '.wcry File Extension' Ransomware ransom note reads as follows:
'Your files have been safely encrypted!
Most of your files are encrypted with strong AES-128 ciphers.
To decrypt files you need to obtain the private keys, and it is the only possible way.
To obtain the keys you should pay them with bitcoin.
The cost will double by the specified time.
The cost will double
[date and time] What to do, How to do
1. Send 0.1 BTC to 1G7bggAjH8pJaUfUoC9kRAcSCoev6djwFZ
You will be able to download the private key within 12 hours.
2. How to DECRYPT your files
1) Click 'Start Decrypt'.
2) First, you should send a download request with your Bitcoin wallet address.
(Important: You must know your actual wallet address from where your payment be sent.)
3) Sleep.
4) After 5~6 hours you will have the key and can decrypt your files. Go!
5) That's all.
3. About BITCOIN
1) For more information about bitcoin, please visit https://en.wikipedia.org/wiki/Bitcoin
2) Here are our recommendations to purchase bitcoin:
…
Any attempt to corrupt or remove this software will result in immediate elimination of the private keys by the server.
Start Decrypt'
The '.wcry File Extension' Ransomware demands the payment of 0.1 Bitcoin in its attack, which is equivalent to about $100 USD. Avoid paying the '.wcry File Extension' Ransomware ransom. There is little chance that the people responsible for the '.wcry File Extension' Ransomware attack will keep their word and help victims recover. Furthermore, the payment will go towards creating additional ransomware and carrying out more attacks on potential victims. The '.wcry File Extension' Ransomware targets the following file extensions during its attack:
.key, .crt, .csr, .p12, .pem, .odt, .ott, .sxw, .stw, .uot, .3ds, .max, .3dm, .ods, .ots, .sxc, .stc, .dif, .slk, .wb2, .odp, .otp, .sxd, .std, .uop, .odg, .otg, .sxm, .mml, ., .lay, .lay6, .asc, .sqlite3, .sqlitedb, .sql, .mdb, .db, .dbf, .odb, .frm, .myd, .myi, .ibd, .mdf, .ldf, .sln, .suo, .cs, .c, .cpp, .pas, .h, .js, .vb, .pl, .dip, .dch, .sch, .brd, .jsp, .php, .asp, .rb, .java, .jar, .class, .sh, .mp3, .wav, .swf, .fla, .wmv, .mpg, .mpeg, .vob, .asf, .avi, .mov, .mp4, .3gp, .mkv, .3g2, .flv, .wma, .mid, .m3u, .m4u, .ai, .psd, .nef, .tiff, .tif, .cgm, .raw, .gif, .png, .bmp, .backup, .zip, .rar, .7z, .gz, .tgz, .tar, .bak, .tbk, .tarbz2, .PAQ, .ARC, .aes, .gpg, .vmx, .vmdk, .vdi, .602, .hwp, .edb, .potm, .potx, .ppam, .ppsx, .ppsm, .pps, .pot, .pptm, .xltm, .xltx, .xlc, .xlm, .xlt, .xlw, .xlsb, .xlsm, .dotx, .dotm, .dot, .docm, .docb, .jpg, .jpeg, .dwg, .pdf, .rtf, .csv, .txt, .wk1, .wks, .123, .vsdx, .vsd, .eml, .msg, .ost, .pst, .pptx, .ppt, .xlsx, .xls, .docx, .doc.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.