Want Money Ransomware: Threat in Detail
Want Money is the file extension appended to encrypted files on attacked computer systems. The ransomware associated with this extension belongs to the “hc” ransomware family. Like other ransomware threats, “. GOTYA” also leaves a ransom note instructing users on how to pay the ransom fee and restore their files.
Want Money is a ransomware threat that encrypts files on the target computer system and demands a ransom fee to restore them. The ransomware drops two files named:
- _Want Money_.bmp
- _Want Money_.txt
The files state that “All files have been encrypted”, and the extortionists demand a ransom of 0.1 Bitcoin, which is around 1,100 US dollars.
Security experts do not recommend that you pay the fine. There is no guarantee that paying the ransom will give you access to your files. Remove Want Money immediately.
|Field|Details|
|---|---|
|Name|Want Money Ransomware|
|Description|Want Money Ransomware encrypts files, videos, images and texts stored on the target PC and demands a ransom amount from users to decode the files.|
|Occurrence|Spam mail attachments, exploit kits, malicious links and JavaScript code.|
|Possible Symptoms|The ransom note can be seen on the desktop and in other file directories, and files cannot be accessed.|
Want Money Ransomware is distributed through spam mail attachments in the form of a malicious script containing the malware's payload, which installs the threat on the computer system if the user executes it. Many cyber-criminals use spam techniques to trick users by presenting the mail as an invoice or shipment notice. Other sources include infected websites containing JavaScript code, exploit kits and spam bots. When you open the document or click the link, the payload of Want Money Ransomware is downloaded to the system and installed without the user's permission. If the user opens or executes this file on their device, the virus is installed and the PC becomes infected with the Want Money file-encrypting ransomware threat.
More about Want Money Ransomware
Want Money Ransomware is a file-encrypting program that searches for important files on the victim's PC and renders them inaccessible to users. It then asks users to pay the ransom to get the decryption key and unlock the files.
The ransomware changes Windows Registry entries so that it launches each time Windows starts, and it takes up huge system resources to encrypt the files. Want Money Ransomware drops two files named:
- _Want Money_.bmp
- _Want Money_.txt
The files contain the ransom note and instructions for users on how to contact the authors of the ransomware and get their files back.
The ransom note says:
Can not find the file you need?
Can not open your file?
Do not worry, all your files are only encrypted by “Want Money Ransomware.”
Want to retrieve all your files? You only have to pay a small fee
Send 0.1 bitcoins to the following address:
After payment send e-mail to the specified e-mail address
E-mail address: B32588601@163.com
Mail title: Request to decrypt
E-mail content: Your ID + your payment information
After sending you will get a reply, reply to the message contains the Key, please enter in the input box to decrypt the file.
What is Bitcoin? Please go to Baidu or Google search for details
There are more questions? Please contact email: B32588601@163.com
note! Please do not modify the file after the stop, or the file will not be restored, try not to restart the system.
The ransomware also displays a GUI window that notifies users about the encryption.
The ransom note from the Want Money virus states that your documents have been encrypted and that you need to pay a ransom in Bitcoins to get your files back. The ransom demand varies by user, and victims are told to contact the provided email address as soon as possible.
List of file extensions encrypted
.txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp, .crt, .csr, .flv, .key, .mdb, .mkv, .mpeg, .pem, .pptm, .sqlite3, .sqlitedb, .tif, .wma, .xlm, .xlsm, .xltm
Want Money Ransomware uses the AES encryption algorithm to encrypt data and appends random extensions to the files. The crypto-malware ensures that the user cannot recover the files from shadow volume copies: it deletes those copies by executing the command
vssadmin.exe delete shadows /all /Quiet
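The two host artefacts this page describes, the dropped note files and the vssadmin shadow-copy deletion, can be searched for in endpoint telemetry. The Python below is an added example, not code from the original article; the event dictionaries, their field names (host, type, cmdline, path) and the host and user names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Ransom note file names listed on this page (compared case-insensitively).
NOTE_NAMES = {"_want money_.txt", "_want money_.bmp"}

def is_shadow_delete(cmdline):
    """True if the command line runs vssadmin with 'delete shadows'."""
    # Drop quotes so wrapped forms (cmd.exe /c "vssadmin ...") tokenize too.
    tokens = cmdline.replace('"', " ").lower().split()
    for i, tok in enumerate(tokens):
        if PureWindowsPath(tok).name in ("vssadmin", "vssadmin.exe"):
            rest = tokens[i + 1:]
            return "delete" in rest and "shadows" in rest
    return False

def triage(events):
    """Return {host: sorted indicator names} for hosts with any hit."""
    hits = {}
    for ev in events:
        if ev["type"] == "process" and is_shadow_delete(ev["cmdline"]):
            hits.setdefault(ev["host"], set()).add("shadow_copy_deletion")
        elif ev["type"] == "file":
            if PureWindowsPath(ev["path"]).name.lower() in NOTE_NAMES:
                hits.setdefault(ev["host"], set()).add("ransom_note_dropped")
    return {host: sorted(found) for host, found in hits.items()}

# Constructed sample telemetry (hypothetical hosts, users and field names).
SAMPLE_EVENTS = [
    {"host": "PC-01", "type": "process",
     "cmdline": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"host": "PC-01", "type": "file",
     "path": r"C:\Users\alice\Desktop\_Want Money_.txt"},
    {"host": "PC-02", "type": "process",
     "cmdline": "vssadmin list shadows"},
    {"host": "PC-03", "type": "process",
     "cmdline": 'cmd.exe /c "vssadmin delete shadows /all /quiet"'},
    {"host": "PC-03", "type": "file",
     "path": r"C:\Users\bob\Documents\report.txt"},
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE_EVENTS).items():
        print(host, found)
```

Shadow-copy deletion is common to many ransomware families and is occasionally run by administrators, so a host showing only that indicator needs review, while a host showing both indicators matches the behaviour described here.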