Wooly Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 7,569
Threat Level: 100 % (High)
Infected Computers: 675
First Seen: August 29, 2017
Last Seen: September 17, 2023
OS(es) Affected: Windows

PC security researchers first observed the Wooly Ransomware in August 2017. The Wooly Ransomware carries out a basic encryption ransomware attack: it encrypts the victim's files with a strong encryption algorithm and then demands the payment of a ransom. The Wooly Ransomware seems related to the Kuntzware Ransomware Trojan, which is nearly identical to this Trojan except for the use of a different set of Command and Control servers. It is likely that the Wooly Ransomware is still unfinished, since several aspects of this threat appear to be under development.

How the Wooly Ransomware Infects a Computer

Analysis of the Wooly Ransomware's code indicates that it is designed to use AES-256 encryption to make the victim's data unusable. However, its network communication and decryption components do not appear to be finished, so it is not possible at this time to know what the complete version of the Wooly Ransomware might look like. Even in this state, the Wooly Ransomware is capable of encrypting the victim's files, which makes it a threat to the victim's data. The Wooly Ransomware is capable of applying its encryption components to the following file types:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

The Wooly Ransomware will rename the files encrypted by its attack. The Wooly Ransomware will add the file extension '.wooly' to the end of the file's name. It is possible that as the Wooly Ransomware is further developed, new file markers or other features may be added to the Wooly Ransomware attack.

The Wooly Ransomware’s Similarities with the Kuntzware Ransomware

Although the Wooly Ransomware is unfinished, its similarities with Kuntzware give some indication of how it might be developed. One aspect of Kuntzware that was unique, and that may be implemented in the Wooly Ransomware, is the inclusion of a script that specifically searches for file backups and data synchronized on the cloud. The best you can do against ransomware Trojans is to have file backups on external memory devices or the cloud. Threats like the Wooly Ransomware may react to this protection by using scripts that specifically try to compromise backed-up data. However, it is still impossible to know how the Wooly Ransomware will be developed, since it is currently still under development. The amount and characteristics of the Wooly Ransomware's possible ransom demands are also still unknown.

Protecting Your Computer from the Wooly Ransomware and Similar Threats

File backups are the best protection against any ransomware. However, not every backup method will be effective against the Wooly Ransomware and similar threats. It is necessary to ensure that the file backups on the cloud are not synced. Otherwise, the Wooly Ransomware may target directories that are synced with free cloud services such as Dropbox and Google Drive, and so also encrypt the backups stored in the cloud. To make the backups untouchable, make sure that they are not synced and use password protection to block them from being accessed by the Wooly Ransomware. Additionally, an external memory device, such as an external hard drive kept apart from the victim's PC, is probably the best way to ensure that your data is protected against threats like the Wooly Ransomware. These file backups are inexpensive and invaluable after an attack, since they remove any power the extortionists have over their victims during a ransomware Trojan infection.
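The '.wooly' file marker and the risk to synced folders described above can be checked together when assessing how far an attack reached. The following Python scan is an added example, not code from the original article or from the threat itself; the shortened extension set, the sync-folder names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".wooly"  # extension the article says is appended to encrypted files
# A few of the file types from the article's target list (shortened here).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".txt", ".sql", ".zip"}
# Assumption: default folder names used by the sync clients named in the article.
SYNC_DIRS = {"dropbox", "google drive"}

def scan(root):
    """Walk root and describe every file whose name ends in the marker."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            if path.suffix.lower() != MARKER:
                continue
            original = path.stem  # file name before the marker was appended
            findings.append({
                "path": path,
                "original_name": original,
                "targeted_type": Path(original).suffix.lower() in TARGETED,
                "in_synced_folder": any(p.lower() in SYNC_DIRS for p in path.parts),
            })
    return findings

def summarize(findings):
    """Counts a responder needs first: scope, and whether synced copies were hit."""
    return {
        "renamed": len(findings),
        "targeted_type": sum(f["targeted_type"] for f in findings),
        "in_synced_folder": sum(f["in_synced_folder"] for f in findings),
    }

def demo():
    """Build a constructed directory tree in a temp folder and scan it."""
    sample = ["Documents/report.docx.wooly", "Documents/budget.xlsx.wooly",
              "Documents/untouched.pdf", "Dropbox/backup/db.sql.wooly",
              "Pictures/woolly-mammoth.jpg", "Desktop/notes.wooly"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample")
        return summarize(scan(root))

if __name__ == "__main__":
    print(demo())
```

A non-zero `in_synced_folder` count means the encrypted copies may already have been uploaded, so the cloud service's version history should be checked before relying on those backups.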