
WiKoN Ransomware

Infosec researchers are warning computer users about a new malware threat tracked as WiKoN Ransomware. This ransomware is capable of encrypting the victim's files and appending the '.WiKoN' extension to the original filenames. Additionally, the ransomware changes the victim's desktop wallpaper and creates a 'HOW TO DECRYPT FILES.txt' file, which contains the ransom note. When WiKoN successfully infects a system, it also displays an error message containing the ransom note. This error message is used to intimidate the victim into paying the ransom. The WiKoN Ransomware is not an entirely unique threat, as analysis has revealed that it is part of the Xorist Ransomware family.

The WiKoN Ransomware Demands a Cryptocurrency Payment from Victims

The ransom note that victims of this attack receive provides clear instructions on what they need to do to initiate the decryption process. According to the ransom note, victims' files have been encrypted and the only way to recover them is by paying a ransom of 0.05 Bitcoins.

To pay the ransom, the victim is required to send the specified amount to a Bitcoin wallet address provided in the ransom note. Once the payment has been confirmed, the victim must then contact the threat actor via the email address provided to receive the decryption tool and keys for decryption.

The ransom note also warns that victims must pay the ransom within two days. Otherwise, the decryption keys will be permanently deleted, and the victim will lose any chance of recovering their files.

While paying the ransom may seem like the only option, there is no guarantee that the attackers will provide the decryption tool even after receiving payment. Therefore, paying the ransom is not a recommended course of action, and victims should instead consider asking a cybersecurity professional to help them recover their files.

Swift Action is Required to Minimize the Damage Caused by Threats Like the WiKoN Ransomware

Ransomware attacks can cause significant damage to users' devices and data, and as such, it is important for users to take steps to mitigate the potential damage caused by such attacks. The best approach to mitigating the damage caused by ransomware involves taking proactive measures to prevent the ransomware from infecting your device in the first place, as well as having a plan in place in case of an attack.

Firstly, users should take preventative measures such as keeping their operating systems and applications up to date, using reputable anti-malware software, avoiding suspicious websites and email attachments, and implementing strong passwords and multi-factor authentication.

Additionally, users should regularly back up their data and keep those backups in a secure location. This will enable them to restore their data in the event of an attack without having to pay the ransom.

It is also important for users to have a strategy in place in case of an attack. This should include steps such as disconnecting the infected device from the network, reporting the attack to the relevant authorities, and asking a cybersecurity professional to assist with the recovery process.
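As an added example (not part of the original article or of any vendor tool), the Python script below uses the two on-disk indicators described above, the appended '.WiKoN' extension and the 'HOW TO DECRYPT FILES.txt' note, to scope an affected directory tree and list the original file names to restore from backup. The function names, the case-insensitive matching and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the description above; matching is case-insensitive
# (an assumption, since Windows file names are case-insensitive).
ENCRYPTED_SUFFIX = ".wikon"
NOTE_NAME = "how to decrypt files.txt"

def triage(root):
    """Walk root; return (restore_list, note_paths, per_directory_counts)."""
    restore, notes, per_dir = [], [], Counter()
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The extension is appended to the original name, so stripping
                # it gives the file name to look up in the backup set.
                original = full.with_name(name[:-len(ENCRYPTED_SUFFIX)])
                restore.append((full, original))
                per_dir[Path(dirpath)] += 1
    return restore, notes, per_dir

def build_sample_tree(base):
    """Constructed sample data: a small tree imitating an affected profile."""
    docs, pics = Path(base) / "Documents", Path(base) / "Pictures"
    docs.mkdir()
    pics.mkdir()
    for p in (docs / "report.docx.WiKoN", docs / "budget.xlsx.WiKoN",
              docs / "HOW TO DECRYPT FILES.txt", docs / "untouched.txt",
              pics / "photo.jpg.WiKoN"):
        p.write_bytes(b"constructed sample")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        restore, notes, per_dir = triage(build_sample_tree(tmp))
        for directory, count in per_dir.most_common():
            print(f"{count:5d} encrypted file(s) in {directory}")
        for encrypted, original in restore:
            print(f"restore {original.name} (encrypted copy: {encrypted.name})")
        print(f"{len(notes)} ransom note(s) found")
```

Run it against a mounted, read-only copy of the affected volume rather than the live system, and pass the real root path to `triage()` in place of the sample tree.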

The ransom-demanding messages dropped by WiKoN Ransomware have the following text:

'ATTENTION!

All your files have been encrypted
And their decryption will cost you 0.05 bitcoin.

To start the decryption process follow the steps below

Step 1) Make sure you send 0.05 bitcoin to this wallet:
bc1q0u997r79ylv9hrc7zcth0mvr3mjua6324hxnkc

Step 2) Contact me at this email address: wikon@tuta.io
With this Subject: -

After the payment has been confirmed,
you will receive the decryptor and the keys for decryption!

Other information:

If you don't own bitcoin, you can buy it here very easily
www.coinmama.com
www.bitpanda.com
www.localbitcoins.com
www.paxful.com

You can find a larger list here:
hxxps://bitcoin.org/en/exchanges

If the payment is not made in 2 days, I will consider that you do not want to decrypt your files,
and therefore the keys generated for your PC will be permanently.deleted.'
