WELL Ransomware

By GoldSparrow in Ransomware

The WELL Ransomware is a new malware threat that has been detected targeting users' computers. According to cybersecurity experts, the WELL Ransomware is another variant that belongs to the prolific Dharma Ransomware family. What sets it apart from similar malware threats is the email address used to contact the cybercriminals and the extension appended to the encrypted files.

The WELL Ransomware behaves like typical ransomware: it infiltrates the victim’s computer, encrypts files with the most widely used extensions, rendering them unusable, and displays a ransom note telling the affected users to pay a fee for a decryption key or tool. In the case of WELL Ransomware, all encrypted files will have their names changed to include the victim’s ID number, followed by the mewellwisher@protonmail[.]ch email address, and 'WELL' as a new file extension.

Most users infected with WELL Ransomware will realize that something is wrong when the malware has finished encrypting their files and displays a pop-up window on their computer screens with the following ransom note:

'YOUR FILES ARE ENCRYPTED

Don't worry,you can return all your files!

If you want to restore them, follow this link:email mewellwisher@protonmail.ch YOUR ID -

If you have not been answered via the link within 12 hours, write to us by e-mail:iamwellwisher@tutanota.com

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The cybercrooks warn their victims not to rename the encrypted files or try any third-party decryption tools, as these actions may lead to inadvertent data loss. Instead, two emails are provided for contact - mewellwisher@protonmail[.]ch and iamwellwisher@tutanota[.]com.

The WELL Ransomware creates another ransom note located in a text file called 'FILES ENCRYPTED.txt' with a shorter message:

'all your data has been locked us

You want to return?

write email mewellwisher@protonmail.ch or iamwellwisher@tutanota.com'

Unfortunately for victims of the WELL Ransomware, there is no free decryption tool available. While it may be tempting to contact the criminals in an attempt to restore the valuable data that has been taken hostage, most security experts advise against it. Instead, the affected users should use a legitimate anti-malware program to clean their computers and try to restore their data from a backup created before the WELL Ransomware infection occurred.
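To gauge how far the encryption reached before cleaning and restoring, the file-name pattern and the 'FILES ENCRYPTED.txt' note described above can be searched for on disk. The following triage script is an added example, not part of the original article or of any vendor tool; the function names are hypothetical, and the sample file name uses a placeholder ID and assumed separators, since the article gives only the order of the name components.

```python
import os
import tempfile

# Indicators quoted in the article above.
EMAILS = ("mewellwisher@protonmail.ch", "iamwellwisher@tutanota.com")
NOTE_NAME = "files encrypted.txt"
EXTENSION = ".well"


def classify(name, text=None):
    """Return 'encrypted', 'ransom_note' or None for one file.

    The article gives the order (victim ID, contact email, WELL extension)
    but not the separators, so the file-name match is kept loose.
    """
    lower = name.lower()
    if lower == NOTE_NAME:
        # With content available, require a contact address to cut false hits.
        if text is None or any(e in text.lower() for e in EMAILS):
            return "ransom_note"
        return None
    # Something (the victim ID) must precede the email, hence find() > 0.
    if lower.endswith(EXTENSION) and lower.find(EMAILS[0]) > 0:
        return "encrypted"
    return None


def scan(root):
    """Walk root and return matching paths grouped by classification."""
    hits = {"encrypted": [], "ransom_note": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            text = None
            if name.lower() == NOTE_NAME:
                try:
                    with open(path, errors="replace") as fh:
                        text = fh.read(4096)
                except OSError:
                    pass  # unreadable note: fall back to the name alone
            kind = classify(name, text)
            if kind:
                hits[kind].append(path)
    return hits


if __name__ == "__main__":
    # Constructed name: the ID value and separators are placeholders.
    print(classify("a.docx.id-PLACEHOLDER.[mewellwisher@protonmail.ch].WELL"))
```

Calling `scan()` on a drive or share root returns the affected paths, which can be compared against the backup inventory to decide what needs restoring.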
