ws Ransomware

By GoldSparrow in Ransomware

Malware experts have detected a brand new data-encrypting Trojan being distributed online. It is called the ws Ransomware, and when researchers took it upon themselves to dissect this new ransomware threat, they concluded that it is likely that the ws Ransomware is, in fact, a variant of the popular ZQ Ransomware.

It is not known with certainty what the exact propagation method of the ws Ransomware is. However, it is believed that it may involve faux updates, corrupted pirated software, and emails with infected attachments. In case the ws Ransomware succeeds in infiltrating your machine, it will start the attack by scanning your computer. The scan is performed to locate all the files, which fit the file types that the ws Ransomware is programmed to lock. Once located, the files targeted would start undergoing the encryption process of the ws Ransomware. Upon locking them, the ws Ransomware adds the '.[].ws' extension to the affected files. This means that a picture named 'pacific-sunset.jpeg previously would be called 'pacific-sunset.jpeg.[].ws' once the ws Ransomware is done encrypting it. When the ws Ransomware completes the encryption process, it drops off a ransom note. The note is called '{HELP24DECRYPT}.txt.' The authors of ransomware threats often use all caps when naming their ransom notes to ensure the victim does not miss it. The ws Ransomware's note is very short and concise. The attackers do not specify a sum demanded; instead, they only ask the user to contact them via email on

If you reach out and get in touch with the attackers, as they demand, they will likely trick you out of your money. It is a common occurrence for cybercriminals not to hold to their end of the deal. A better option is to make sure you download and install a reputable anti-spyware suite and clear your computer.

1 Comment

I was able to decrypt the files! 🙂

Related Posts


Most Viewed