Wesker Ransomware

Wesker Ransomware Description

Ransomware threats are the biggest trend among cybercriminals, so it comes as no surprise that malware researchers have to deal with new file-lockers on a daily basis. One of the most recent file-encryption Trojans to be spotted by security experts is the Wesker Ransomware, a file-locker that does not appear to have links to any hacking group or ransomware family. There is a strong chance that it might have been written from scratch.

Despite being relatively new to the scene, the Wesker Ransomware has already snatched the files of several victims in various countries. Having your files taken hostage by ransomware is guaranteed to be a negative and frustrating experience, since you might end up being unable to access important documents, images, archives, databases, projects and other files. The situation gets even worse when the ransomware in question is impossible to decrypt, and this is exactly the case with the Wesker Ransomware.

Unlike many of its brethren, the Wesker Ransomware does not use a custom file extension to mark the names of locked files, so users will only find out that a file is encrypted when they try to open it and it turns out to be impossible to access. Of course, the cybercriminals behind the Wesker Ransomware have not created this program just to wreak havoc; they plan to extort their victims for money. This is done by supplying every victim with a ransom note that is found in the file ‘!!!INSTRUCTION_RNSMW!!!.txt’. It tells the recipients that their files have been securely encrypted and that the only recovery option is to cooperate with the attackers. However, the crooks are not willing to help for free, and this is why they instruct their victims to visit a personalized TOR-hosted payment page. The payment portal reveals that every victim can purchase a decryptor in exchange for some DASH, a popular cryptocurrency. The attackers also mention that they can be reached via the Telegram account ‘tor2web_wesker’ in case the victims have any additional questions.
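Because locked files keep their original names, spotting them means looking at content rather than extensions. The following triage sketch is an added example, not code from this page or from any vendor: it reports directories containing the ransom note named above and flags files whose leading bytes no longer match their extension. It assumes the encryption overwrites file headers, which this page does not confirm, and the extension map and entropy threshold are illustrative choices.

```python
import math
import os
from collections import Counter

NOTE_NAME = "!!!INSTRUCTION_RNSMW!!!.txt"  # ransom note name given on this page
# Well-known leading signatures for a few common formats (illustrative subset).
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK",
}
TEXT_EXT = {".txt", ".csv", ".log", ".xml", ".json"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 4096) -> bool:
    """Heuristic: header no longer matches the extension, or text is near-random."""
    ext = os.path.splitext(path)[1].lower()
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample)
    except OSError:
        return False  # unreadable file: nothing to judge
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    if ext in TEXT_EXT:
        # Assumed threshold: plain text sits well below 7 bits per byte.
        return len(head) >= 1024 and shannon_entropy(head) > 7.0
    return False  # unknown type: no baseline to compare against

def triage(root: str):
    """Return (directories holding the ransom note, files that look encrypted)."""
    note_dirs, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                note_dirs.append(dirpath)
            elif looks_encrypted(full):
                suspects.append(full)
    return sorted(note_dirs), sorted(suspects)
```

Run `triage()` against a read-only mount or a copy of the affected volume so that the scan itself does not alter timestamps on the evidence.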

It would be foolish to send money to the anonymous criminals who just took your valuable files away from you, so we advise you to look for a solution that involves legitimate software. Unfortunately, while the removal of the Wesker Ransomware can easily be accomplished with a trustworthy antivirus application, the same cannot be said about recovering the encrypted files. Due to the lack of a free decryption option, victims of the Wesker Ransomware may need to use alternative data recovery options that may not always deliver satisfying results.