Whatafuck Ransomware Description
Type: Trojan
The Whatafuck Ransomware is a ransomware Trojan designed to encrypt its victims' data, making it inaccessible, and then demand the payment of a large ransom to restore the affected files. Holding the victims' data hostage until a ransom is paid is the typical attack used by most encryption ransomware Trojans. PC security analysts first received reports of the Whatafuck Ransomware infections in May of 2017. The Whatafuck Ransomware seems to be an independent ransomware infection, not part of a larger family of ransomware or a RaaS (Ransomware as a Service) family. The Whatafuck Ransomware attacks seem to be centered in Russia and Russian-speaking countries. However, the Internet has no borders, and computer users outside of Russia are equally likely to become infected with the Whatafuck Ransomware, since similar attacks may be carried out in other countries. The most common way in which the Whatafuck Ransomware is being distributed to victims is through malicious email attachments that use malicious macros to download and install the Whatafuck Ransomware onto the victim's computer.
How a Whatafuck Ransomware Infection Works
The Whatafuck Ransomware receives its name because the ransom note this threat uses is contained in a text file named 'WHATAFUCK.txt,' which is dropped on the infected computer's desktop. This note contains a very short message, written in Russian, which translates to:
'To decrypt write to firstname.lastname@example.org'
The Whatafuck Ransomware uses a combination of the RSA and AES encryption algorithms to make the victims' files completely unusable. Once the Whatafuck Ransomware has encrypted the victims' files, it demands that the victim contact the con artists at the email address contained in its ransom message. PC security researchers reported that the people responsible for the Whatafuck Ransomware attack had demanded ransoms ranging from 1000 Rubles ($18 USD) to 6000 Rubles (approximately $110 USD). The files encrypted by the Whatafuck Ransomware attack can be identified easily because the Whatafuck Ransomware appends the file extension '.+++email@example.com' to the name of each file encrypted in the attack. The Whatafuck Ransomware will target a wide variety of file types with its encryption algorithm, typically looking for user-generated files such as videos, music, and Microsoft Office documents. The following are some of the file formats the Whatafuck Ransomware will target in its attack:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
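The two indicators described above (the ransom note file name and the appended file extension) can be used to scope which files on a machine or file share were touched. The following Python script is an added example, not part of the original article or of any vendor tool; the function names are hypothetical, the indicator strings are used exactly as printed on this page, and the sample directory tree consists of constructed empty files.

```python
import os
import tempfile
from collections import Counter

# Indicators as printed on this page; pass other values if your sample differs.
NOTE_NAME = "WHATAFUCK.txt"
MARKER_SUFFIX = ".+++email@example.com"


def scope_infection(root, note_name=NOTE_NAME, suffix=MARKER_SUFFIX):
    """Walk root; report ransom notes and files carrying the appended suffix."""
    notes, encrypted, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == note_name.lower():
                notes.append(path)
            elif lowered.endswith(suffix.lower()) and len(name) > len(suffix):
                encrypted.append(path)
                # Strip the marker to recover the original extension for the tally.
                original = name[: -len(suffix)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
    return {"notes": sorted(notes), "encrypted": sorted(encrypted),
            "by_type": dict(by_type)}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    desktop = os.path.join(root, "Desktop")
    docs = os.path.join(root, "Documents", "reports")
    os.makedirs(desktop)
    os.makedirs(docs)
    names = [
        (desktop, NOTE_NAME),
        (desktop, "budget.xlsx" + MARKER_SUFFIX),
        (docs, "q1.docx" + MARKER_SUFFIX),
        (docs, "q2.docx" + MARKER_SUFFIX),
        (docs, "untouched.pdf"),
    ]
    for folder, name in names:
        open(os.path.join(folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scope_infection(tmp)
        print(len(report["notes"]), "note(s);", len(report["encrypted"]), "marked file(s)")
        print(report["by_type"])
```

The per-extension tally shows which kinds of data need to be restored from backup, and the location of the ransom note identifies the affected user profile.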
Dealing with a Whatafuck Ransomware Infection
Unfortunately, it may not currently be possible to recover files that have been encrypted by the Whatafuck Ransomware. However, computer users should refrain from contacting these con artists or paying any ransom. The people responsible for these attacks may ignore the victims' payments or even demand more money. Furthermore, paying the Whatafuck Ransomware ransom simply allows con artists to continue creating these threats and claiming more victims. Instead of paying the Whatafuck Ransomware ransom, take preventive measures to ensure that you can recover from an attack in the future. The best protection against the Whatafuck Ransomware and other ransomware Trojans is to have backup copies of your files: the ability to restore the files from a backup completely removes any power from the con artists, preventing them from holding the victim's files hostage. A reliable security program that is fully up-to-date should also be used to intercept the Whatafuck Ransomware and other threats.