Whoopsie Ransomware

The Whoopsie Ransomware is an encryption ransomware Trojan that was first observed by PC security researchers on June 30, 2018. The Whoopsie Ransomware seems to be a low-level threat that may be unfinished, due to its poor design and implementation. The Whoopsie Ransomware's distribution also has been quite limited. The Whoopsie Ransomware, like most threats similar to this ransomware Trojan, are delivered by spam email attachments, which often take the form of corrupted files with embedded macro scripts. Because of this, one of the most important aspects of preventing the Whoopsie Ransomware attacks is to take precautions when dealing with unsolicited email attachments.

What are the Consequences of a Whoopsie Ransomware Infection

The email messages used to deliver the Whoopsie Ransomware tend to use social engineering tactics to lure computer users into downloading and opening a damaged attached file. When the victim opens the file, the Whoopsie Ransomware will be downloaded and installed onto the victim's computer. The Whoopsie Ransomware will scan the affected PC's hard drives in search for the user-generated files that will match a list of file extensions in the Whoopsie Ransomware's settings. The Whoopsie Ransomware will use the AES encryption to make the victim's files inaccessible. The files targeted by threats like the Whoopsie Ransomware inlude:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Whoopsie Ransomware will mark files encrypted by its attack by adding the file extension '.whoopsie' to each affected file.

The Whoopsie Ransomware’s Ransom Note

The Whoopsie Ransomware will deliver its ransom note in the form of a program window titled 'Whoopsie,' which contains the following message:

'Do NOT close this Window! (otherwise, your Files are gone for ever cant be recovered!)
Your files has been encrypted with the Advanced Encryption Standard (AES)
and can't be decrypted without a specific key (in this case a random generated String)
How to get the key?
Its easier than it seems! Just pay a small fee of 50€ in BTC to [payment address]
and you will get your decryption key
[Enter Key|BUTTON] [End it!|BUTTON]'

Computer users are not counseled to pay the Whoopsie Ransomware ransom. There is no indication that the criminals responsible for the Whoopsie Ransomware attack will help the victims recover their files, and they are equally likely to ask for more money or target the victim with additional ransomware threats and other malware.

Preventing the Whoopsie Ransomware and Similar Threat Attacks

To prevent attacks like the Whoopsie Ransomware you need to have file backups stored on the cloud or externally. Having file backups allows computer users to restore their files without having to contact the criminals responsible for the attack. Apart from file backups, PC security researchers strongly advise computer users to install and use a security app that is fully up-to-date, which can intercept the Whoopsie Ransomware and similar threats before they compromise the victim's files.