Back to SonicALERT
Whycry Ransomware Spotted in the Wild (Jun 15, 2017)
Description
The SonicWall Threats Research team observed reports of a new variant
family of Whycry Ransomware [GAV: Whycry.RSM] actively spreading in the wild.
Whycry
encrypts the victims files with a strong encryption algorithm until the
victim pays a fee to get them back.
Infection Cycle:
Once the computer is compromised a fake Windows Update Screen will show up,
to try and trick targets into leaving their PC running:
The Malware encrypts all personal documents and files it shows the
following webpage:
The malware states that your files are encrypted and that you must pay $300
US dollars in the Bitcoin currency for potentially unlocking your files.
Also, there is a threat that states that if you turn off your computer you
will lose your files, but that threat it�s empty.
During our research we discovered the malware uses a master key for its own
decryption:
SonicWall Gateway AntiVirus provides protection against this threat via the
following signatures:
Back to top
Back to SonicALERT