WExtension Ransomware

WExtension Ransomware Description

The WExtension Ransomware targets users' computers and locks the files stored there with an uncrackable encryption algorithm. The goal of the cybercriminals behind the threat is to then extort their victims for money by promising to restore all affected data upon receiving payment. Ransomware attacks have become increasingly common and they can disrupt the devices of individual users, small business enterprises, as well as multi-million corporations.

The WExtension Ransomware targets a large number of file types. It also modifies the names of the encrypted files by appending '.WExtension' to them. A ransom note with instructions for the victim also will be dropped on the compromised system. The ransom-demanding message will be delivered in the form of a text file named 'read_it.txt.' It is important to note that WExtension is not a wholly unique threat, as analysis has revealed that it is a variant from the Chaos malware family.

Ransom Note's Details

The WExtension Ransomware cybercriminals price their ransom at exactly $1,500. According to the note, the funds must be transferred using the Bitcoin cryptocurrency to the attackers' wallet address. Little other useful details can be found in the note. It doesn't mention any ways that victims can contact the attackers for more details. There is no offer to decrypt even a single file for free as a demonstration of the hacker's ability to restore the encrypted files.

Users should not follow the instructions of the people responsible for spreading malware threats, as they could simply incur a significant monetary loss in addition to the already encrypted valuable files without getting anything in return.

The full text of the message left by WExtension Ransomware is:

'----> Chaos is multi language ransomware. Translate your note to any language <----
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com

Payment informationAmount: 0.1473766 BTC
Bitcoin Address:
'