WECANHELP Ransomware

Recently, malware researchers spotted a new data-locking Trojan circulating the Internet. Its name is WECANHELP Ransomware and once dissected this threat revealed to be a variant of the Cry36 Ransomware and the Nemesis Ransomware.

Propagation and Encryption

Cybersecurity experts have not yet been able to determine with full certainty what are the infection vectors applied in the propagation of the WECANHELP Ransomware. It is very likely that spam emails containing macro-laced attachments, bogus application updates, and pirated fake copies of popular software tools may be among the propagation methods used by the creators of the WECANHELP Ransomware. Regardless of how the WECANHELP Ransomware ends up on your system, once it infiltrates it, its first task is to perform a quick scan. The scan is made to determine the locations of the files, which the WECANHELP Ransomware was programmed to target. Next begins the encryption process. When the WECANHELP Ransomware encrypts a file, it also will alter its name. This ransomware threat adds a '.id__. WECANHELP' extension at the end of the filename.

The Ransom Note

The next step is the dropping of the ransom note. The WECANHELP Ransomware's note is named '_RESTORE FILES_.txt.' In the note, the attackers give out three email addresses where they can be contacted – 'wecanhelpyou@elude.in,' 'w3canh3lpy0u@cock.li,' and 'wecanh3lpyou2@cock.li.' For the users who may prefer to converse over Jabber, they provide their contact details – 'icanhelp@xmpp.jp.' The authors of this threat do not mention a specific ransom fee but make it clear that they would like it to be in the shape of Bitcoin. In the note, the attackers also demand that the victim purchases the 'Nemesis Decryptor' tool.

It is never a upstanding idea to contact cybercriminals like the ones responsible for the WECANHELP Ransomware. A much safer approach would be to download and install a reputable anti-virus suite and have it remove the WECANHELP Ransomware from your system. Then, you can try to recover some of the lost files via a third-party data-recovery tool.