
Wyvern Ransomware

By GoldSparrow in Ransomware

An encryption ransomware Trojan known as the Wyvern Ransomware is being used to carry out attacks against computer users. The Wyvern Ransomware is a variant of BTCWare, a known ransomware Trojan. Its purpose is to infect victims' computers, encrypt their files and then demand the payment of a large ransom in Bitcoins. Other BTCWare variants demand ransom payments that range from hundreds to thousands of dollars. The Wyvern Ransomware is probably being distributed through spam email attachments or attack websites that infect visitors' computers. Unfortunately, once the Wyvern Ransomware encrypts the files, they are not recoverable without the decryption key. A reliable security program will remove the Wyvern Ransomware infection itself, but it will not help computer users recover the files that were encrypted in the attack. Because of this, computer users must have backups in place so that the affected files can be restored following a Wyvern Ransomware infection.

How the Wyvern Ransomware Encrypts the Victims' Files

BTCWare has been active since early 2017. The Wyvern Ransomware, the latest variant in this threat family, first appeared on September 21, 2017. The previous variant of BTCWare was known as the Nuclear Ransomware and carried out an attack nearly identical to that of the Wyvern Ransomware. Like other BTCWare variants, the Wyvern Ransomware infects the victim's computer and then uses strong encryption to make the victim's files inaccessible. The files encrypted in the attack are easy to identify because the Wyvern Ransomware appends a new file extension to their names, typically renaming them by adding the following string to each affected file's name:

.[email address]-id-[victim's ID].wyvern

The latest variant of the Wyvern Ransomware uses the decryptorx@cock.li email address. Victims are asked to contact the con artists at this email address to obtain information on how to recover from a Wyvern Ransomware attack. However, contacting the people behind the Wyvern Ransomware is not recommended. There is no guarantee that they will keep their word and help victims recover after the infection. In its attack, the Wyvern Ransomware targets user-generated files while leaving the victim's operating system functional. The following are some examples of the file types that the Wyvern Ransomware encrypts in its attack:

.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ .BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG
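Because the appended suffix is so regular, a file listing from an affected machine or share can be turned into a restore inventory. The following Python is an added example, not code from the original article or from any security product: `parse_name` and `inventory` are hypothetical helpers, the sample listing is constructed, and it assumes that the square brackets in the pattern may or may not be literal and that the victim ID is alphanumeric.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Suffix described in the article: .[email address]-id-[victim's ID].wyvern
# Assumptions: brackets are optional around both fields; the ID is alphanumeric.
# The greedy "orig" group keeps the original name as long as possible, so an
# unbracketed e-mail with dots in its local part cannot be split reliably.
NAME = re.compile(
    r"(?P<orig>.+)\.\[?(?P<email>[^\[\]\s@]+@[^\[\]\s@]+?)\]?"
    r"-id-\[?(?P<vid>[A-Za-z0-9]+)\]?\.wyvern",
    re.IGNORECASE,
)

def parse_name(path):
    """Return (original_name, contact_email, victim_id), or None if not renamed."""
    m = NAME.fullmatch(PureWindowsPath(path).name)
    if m is None:
        return None
    return m.group("orig"), m.group("email").lower(), m.group("vid")

def inventory(paths):
    """Build a restore list and count contact addresses and victim IDs."""
    restore, contacts, ids = [], Counter(), Counter()
    for p in paths:
        parsed = parse_name(p)
        if parsed is None:
            continue                      # untouched file, leave it alone
        original, email, vid = parsed
        # (path to restore from backup, encrypted copy currently on disk)
        restore.append((str(PureWindowsPath(p).parent / original), p))
        contacts[email] += 1
        ids[vid] += 1
    return {"restore": restore, "contacts": dict(contacts), "ids": dict(ids)}

# Constructed listing for illustration; only the e-mail address is from the article.
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.[decryptorx@cock.li]-id-1A2B.wyvern",
    r"C:\Users\a\Pictures\scan.TIFF.[decryptorx@cock.li]-id-1A2B.WYVERN",
    r"D:\share\db\ledger.sql.decryptorx@cock.li-id-[9C3D].wyvern",
    r"C:\Users\a\Documents\wyvern-notes.txt",
    r"C:\Users\a\Documents\budget.xlsx",
]

if __name__ == "__main__":
    result = inventory(SAMPLE)
    for original, encrypted in result["restore"]:
        print(f"restore {original}  (encrypted copy: {encrypted})")
    print(result["contacts"], result["ids"])
```

The restore list maps each encrypted copy back to the path that should be recovered from backup; the counters show which contact address and victim IDs appear in the listing.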

Dealing with the Wyvern Ransomware

To recover from a Wyvern Ransomware attack, it is important to restore the affected files from a backup copy. Having backup copies of all important files is essential in protecting your PC from threats like the Wyvern Ransomware. This, combined with a reliable anti-virus program, is the best way to make sure your data is safe.
