Willow Ransomware

Willow Ransomware Description

Type: Ransomware

The Willow Ransomware threat is a new potent malware uncovered by infosec researchers. The threat operates as typical ransomware - it aims to lock the files of its victims through a strong encryption algorithm. The targeted file types will become inaccessible, and victims will no longer be able to use their documents, databases, archives, photos, images, etc. The hackers responsible for deploying the threat will then extort the affected users for money to help restore access to the locked data.

As part of its nefarious functionality, the Willow Ransomware changes the names of the encrypted files by appending '.willow' as a new extension. To make sure that the affected users see the instructions of the hackers, the threat delivers two ransom notes with nearly identical messages. The first one will be displayed in an image that will replace the current desktop background. The second note will be contained inside a newly-created text file named 'READMEPLEASE.txt.'

Ransom Note's Details

The two notes have very minor differences in the text but all of the important details are the same. The hackers want to be paid a ransom of exactly $500. However, victims must send the money using the Bitcoin cryptocurrency to the provided crypto-wallet address. At the current Bitcoin exchange rate, the ransom stands at 0.1473766 BTC. Keep in mind that Bitcoin is volatile inherently and its valuation can change rapidly. The Willow Ransomware hackers warn that if their demands are not fulfilled, the encrypted files will be deleted and users will lose their data completely.

The full text of the message found inside the 'READMEPLEASE.txt' file is:

'Hello lad. I, Willow Wolf, encrypted your files yet again.
But as I'm good now, I done it because I think you are an threat to The Silver Paw
and The Safe Place. Most of your files are encrypted.
Pay me $500 in some way. If not - I'm sorry, you'll lose your files, and any
decryptor key is totally useless.

Payment information:

Amount: 0.1473766 BTC
Bitcoin Address:

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Willow Ransomware

File System Details

Willow Ransomware creates the following file(s):
# File Name MD5 Detection Count
1 file.exe a31b18f6f5e28a05b92e29d3f2feb6e8 1

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.