
Wiki Ransomware

Posted: October 21, 2019

The Wiki Ransomware is a file-locker Trojan from the family of the Dharma Ransomware. Its attacks can lock the media on your PC, including text files such as documents or spreadsheets, pictures, audio, and other content. Users should prepare secure backups as a precaution and have anti-malware programs remove the Wiki Ransomware upon detection.

Using Windows Features for Ill

Windows is a powerful operating system with many features that a casual user would have little need of, such as BitLocker's full-volume encryption. A threat actor is renting a version of one of the most prominent Ransomware-as-a-Service families and turning that feature into extortion, showing how a technical benefit can become a security issue. The Wiki Ransomware is only beginning to circulate in late October, with multiple disguises and an as-yet-unknown set of victims.

Executable installers for the Wiki Ransomware include fake Adobe copyright details, as well as names such as 'UnsolicitedAntialiased' and '1Black.' There also are typos in its English description, which suggests that the Trojan pretends to be content, such as a news article, related to artillery equipment. Once installation finishes and the Wiki Ransomware establishes its Registry persistence, it conducts its attacks following the standard operating procedure of the Dharma Ransomware family.

The Dharma Ransomware, also known by its encompassing family name of the Crysis Ransomware, searches compromised PCs for digital media formats, including pictures or documents. It then encrypts them with AES and RSA in a way that is generally secure, although rare instances of attacks may be compatible with freeware unlocking solutions.

The 'wiki' in UnsolicitedAntialiased's name comes from the extension that it adds to these files' names, which changes in every variant of the family. However, malware experts also noted a somewhat mocking choice of e-mail address for the ransom negotiations, with 'bitlocker' referencing Windows's built-in encryption feature.
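A defender-side scoping script, added here and not part of this article or of the Trojan's own code: it lists files that carry the appended '.wiki' suffix on a mounted evidence tree and tallies the extensions they had before renaming. The page gives only the trailing suffix, not the full renaming pattern, so the script keys on that alone; the sample paths are constructed.

```python
"""Scope a Wiki Ransomware incident by finding files that carry the appended
'.wiki' suffix (constructed example, not the Trojan's code)."""
import os
from collections import Counter
from pathlib import PurePath

LOCKED_SUFFIX = ".wiki"  # extension the article says the Trojan appends


def is_locked_name(name: str) -> bool:
    """True when '.wiki' was appended after an existing extension.
    A file that is simply named 'project.wiki' (one suffix) is left alone so
    genuine single-suffix files do not inflate the count."""
    suffixes = PurePath(name).suffixes
    return len(suffixes) >= 2 and suffixes[-1].lower() == LOCKED_SUFFIX


def original_extension(name: str) -> str:
    """Recover the extension the file had before the Trojan renamed it."""
    return PurePath(name).suffixes[-2].lower()


def scope_paths(paths):
    """Return (locked_paths, per-extension Counter) for a list of paths."""
    locked = [p for p in paths if is_locked_name(PurePath(p).name)]
    counts = Counter(original_extension(PurePath(p).name) for p in locked)
    return locked, counts


def scope_tree(root):
    """Walk a directory tree (e.g. a mounted disk image) and scope it."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return scope_paths(paths)


# Constructed sample listing standing in for a mounted image of a victim PC.
SAMPLE_PATHS = [
    "/mnt/evidence/Users/alice/Documents/budget.xlsx.wiki",
    "/mnt/evidence/Users/alice/Documents/report.docx.wiki",
    "/mnt/evidence/Users/alice/Pictures/holiday.jpg.wiki",
    "/mnt/evidence/Users/alice/Pictures/untouched.png",
    "/mnt/evidence/Users/alice/Notes/project.wiki",  # genuine, not locked
]

if __name__ == "__main__":
    locked, counts = scope_paths(SAMPLE_PATHS)
    print(f"{len(locked)} locked files")
    for ext, n in counts.most_common():
        print(f"  {ext}: {n}")
```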

Escaping the Least Informative Wiki

The Wiki Ransomware's use of fake file information likely shores up infection vectors that require the user's permission before continuing, such as a misnamed e-mail attachment or torrent. However, file-locking Trojans are also distributed through the hacking of insecurely configured Web servers and other vulnerable targets. Furthermore, ransoms paid to the Wiki Ransomware's threat actor are no guarantee of getting one's files restored, as is also true of dozens of related threats, such as the Group Ransomware, the Drweb Ransomware, the Wal Ransomware and the 'amagnus@india.com' Ransomware.

Files worth paying to recover should have backup copies on another device, preferably one that Trojans like the Wiki Ransomware can't reach over a local network. To prevent infections, malware researchers also recommend monitoring firewall and RDP settings, using unique and secure passwords, and avoiding downloads with suspicious origins. There's no information on the current ransom demands for the Wiki Ransomware, although hundreds to thousands of dollars aren't uncommon.

Windows users also should rely on trusted anti-malware solutions for handling infections and removing the Wiki Ransomware. Even this early in its life cycle, its samples are receiving appropriate flags from a slim majority of AV tools.

Like a poorly maintained wiki, the Wiki Ransomware offers nothing but misinformation to anyone reading what it has to say about itself. It's much better to entrust the identification of threats and suspicious files to the appropriate security technology if you don't want to risk a ransom.
