World Ransomware
The World Ransomware is yet another Dharma Ransomware variant that has been unleashed in the wild. As such, it is mostly an identical copy of the Dharma Ransomware, but that in no way diminished its destructive capabilities. It can lock users out of their computers effectively by encrypting the stored files with an uncrackable encryption algorithm.
The World Ransomware follows the Dharma Ransomware pattern when it comes to renaming the files it encrypts. In practice, this means that each locked file will have a string of characters that represents the unique ID of the victim attached to its original filename. What follows is an email address that can serve as a communication channel between the affected users and the hackers behind the World Ransomware. The email address is 'worldsnake@cock.li.' Finally, the threat appends '.world' as the new extension of the file. Another typical aspect of the Dharma variants that the World Ransomware retains is the delivery of its ransom note in two shapes - as text files and in a pop-up.
The text files received the names 'FILES ENCRYPTED.txt', and they will be dropped in every folder containing encrypted data. Opening them will provide the victims of the threat with little useful information, as the text inside simply states to contact the aforementioned 'worldsnake@cock.li' address. The ransom note found in the pop-up window also fails to provide an alternate email, but it does have a section with several warnings. Users should abstain from tampering with the encrypted files' names or trying to restore them through third-party tools that could cause irreversible damage.
The ransom note's full text is:
'YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link: email worldsnake@cock.li YOUR ID -
If you have not been answered via the link within 12 hours, write to us by email:worldsnake@cock.li
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The instructions placed inside the 'FILES ENCRYPTED.txt' files are:
'all your data has been locked us
You want to return?
write email worldsnake@cock.li'
The message in the pop-up window goes into more detail. The malware authors explain the virus encrypted files and details how victims can restore them. Each victim is assigned a unique ID they should quote when contacting the attackers.
The end of the message contains the usual warnings one would expect to see. Victims are told to avoid attempting to rename or recover files by themselves because it could cause permanent data loss. There's no other information in the note, however. There's no word on how much the ransom will cost or how victims should pay it. There isn't even the usual promise of free decryption of small files to establish trust.
Table of Contents
Should Victims Pay the Ransom?
Paying the ransom is the last thing a victim should do. There is no guarantee that they will live up to their end of the deal and provide you with a decryption tool. Even if the criminals do send a tool or key, there's no guarantee it will work. Meeting the demands of attackers leaves you with no money and no data.
Another problem with paying the ransom is that hackers, like most criminals, follow the money. Paying them once tells them you are likely to do it again, encouraging them to keep targeting you. The attackers could send additional malware or ransomware to you to scam you too.
What to do if Your Computer is Infected
It would be best to deal with any malware that gets on your computer as quickly as possible. Professional antimalware and antivirus programs can remove viruses such as World ransomware. On top of that, they can also prevent viruses from getting on the system in the first place.
Removing the ransomware is an essential first step, but unfortunately, it won't undo the encryption. You will have to use an external data backup for that. Either connect a USB device, recovery disk or pull files from the Cloud. You should consider creating backups of the encrypted files in case security researchers create a public decryption tool.
How to Avoid Ransomware Infections
The internet isn't as safe as many would like to believe. There's always some malware hiding somewhere waiting to attack your computer. Malicious files are found on malicious websites, file-sharing platforms, torrenting websites, and other known sources. With that said, the most common infection vector for cybercriminals is spam emails. Criminals sound emails by the tens of thousands with spam campaigns.
Everyone has gotten spam emails at some point in their life. Many email platforms offer a separate folder for these spam emails. Some messages manage to bypass this initial security and end up in your inbox. You should never open or interact with a spam email as it could likely infect your computer.
These spam emails contain malicious hyperlinks and infected attachments. Hackers write emails to trick you and make you click on these links and files. Please never open email attachments or links from suspicious spam emails. Cybercriminals prey on naivety – don't let them prey on yours.
