
WSHLP Ransomware

Posted: August 31, 2020

The WSHLP Ransomware is a file-locking Trojan from the Dharma Ransomware family, a Ransomware-as-a-Service. Victims of its attacks may see ransom notes and changes to files' extensions, and may be unable to open their media, such as documents. Most anti-malware products will remove the WSHLP Ransomware, but safe backups are frequently necessary for recovering data.

A Re-Release of the Software that the World Didn't Need

Consistency between iterations, easy-to-use business models, and long-term maintenance are the hallmarks of Ransomware-as-a-Service operations. For Trojan families like the Dharma Ransomware (or the Crysis Ransomware, referencing the original Trojan-builder kit), these characteristics guarantee recurring service from agreeable threat actors. As the WSHLP Ransomware, another member of that family, shows, the RaaS industry is thriving as 2020 rolls onwards.

The WSHLP Ransomware's family is a highly active one, with similar campaigns in the same year appearing as the 2NEW Ransomware, the GET Ransomware, the Prnds Ransomware, and the Xati Ransomware. These names change according to one of the group's symptoms: modifying extensions with e-mail addresses and an attacker-chosen string. More importantly, Trojans from the WSHLP Ransomware's family block the files with a robust encryption combination. The attack homes in on digital media formats like documents and pictures and may damage other content, but not the Windows OS.

Otherwise, the WSHLP Ransomware's behavior is within the bounds of what malware experts previously noted of the Dharma Ransomware RaaS. It creates standardized HTA pop-up and TXT (text) ransom notes and asks for hundreds of Bitcoins in exchange for the file-unlocking service. Victims may also notice other side effects, including Windows security features no longer functioning due to Registry changes, and the secure deletion of Restore Point backups.
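The renaming symptom described above can be used to triage a file listing during incident response. The following is an added example, not code from the original page: it assumes the commonly reported Dharma layout `<original>.id-<8 hex>.[<e-mail>].<ext>` and a `.wshlp` extension, neither of which the page spells out, and the sample names, IDs and address are constructed.

```python
import re
from collections import defaultdict

# Assumed layout (not stated on the page): <original>.id-<8 hex>.[<e-mail>].<ext>
DHARMA_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

def parse_name(filename):
    """Return the parsed parts of a Dharma-style name, or None if it does not match."""
    m = DHARMA_NAME.match(filename)
    return m.groupdict() if m else None

def triage(filenames):
    """Group renamed files by (e-mail, extension); return them plus non-matching names."""
    campaigns = defaultdict(list)
    untouched = []
    for name in filenames:
        parts = parse_name(name)
        if parts is None:
            untouched.append(name)
        else:
            # Case-fold the key so .wshlp and .WSHLP count as one campaign.
            key = (parts["email"].lower(), parts["ext"].lower())
            campaigns[key].append(parts["original"])  # pre-encryption filename
    return dict(campaigns), untouched

# Constructed sample listing; the address and IDs are made up.
SAMPLE = [
    "budget.xlsx.id-1A2B3C4D.[helper@example.com].wshlp",
    "photo.jpg.id-1A2B3C4D.[helper@example.com].WSHLP",
    "notes.txt",
    "report.id-draft.[v2].docx",  # looks similar but has no 8-hex ID or e-mail
]

if __name__ == "__main__":
    found, clean = triage(SAMPLE)
    for (email, ext), originals in found.items():
        print(f"{len(originals)} file(s) renamed with .{ext} / {email}: {originals}")
    print("not matching:", clean)
```

The recovered original names give a list of what to restore from backup; the grouping key shows whether one or several campaigns touched the host.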

Redirecting the Ransoms that Fuel Trojan Operations

Local backups are at risk of experiencing deletion, corruption, or encryption from almost all families' file-locker Trojans. Users should consider backups on secure, non-local devices as the best immediate counter to Trojans blocking their media files. Malware experts recommend most removable media and sufficiently-protected cloud services as effective antidotes for both the WSHLP Ransomware and all known Dharma Ransomware releases.

For day-to-day computer use, means of limiting contact with a WSHLP Ransomware drive-by-download attack include all of the following:

  • Disabling browser features that are highly exploitable (Flash, Java, JavaScript)
  • Ignoring download prompts from unusual or illicit resources
  • Not enabling macros in documents, especially e-mailed ones
  • Installing software patches regularly

Disguises in use for file-locking Trojans may include world news scams, like COVID-19-tracking tools or articles, or more specialized attacks, like tailor-made 'work' documents. Since the WSHLP Ransomware is Windows software, most well-known anti-malware programs for that OS should delete WSHLP Ransomware infections and prevent attempted ones.

The WSHLP Ransomware is neither a shocking development for the RaaS sector nor anything to take lightly. A Trojan with reused code works just as well as its recent ancestors and causes the same problems for anyone without data-sparing preparations in place.
