Dsherer

Ransomware with .wtf extension


I have a client that got hit with ransomware with the extension .wtf 

ID Ransomware gives me this

[Attached image]

I have attached an encrypted file, the same file that isn't encrypted, and the HOWTODECRYPTFILES.HTML. I really need a decryptor for this as I was not able to restore all the data. Is there any chance of this happening?

HOWTODECRYPTFILES.html

Osha checklist.doc

Osha checklist.doc.wtf


I too have a client that was infected with the same ransomware. The file ext is .wtf. Unfortunately it appears to be a new type and there are no decryption keys available to date.

The html file calls it Dangerous Ransomware. If there is a resolve to this threat please contact me.

HOWTODECRYPTFILES.html


It looks like a new variant of Cry36. I'll ask our malware analysts if they need any information about it.


I don't think they need any more information, however let's try getting a log from FRST just to make sure it doesn't show anything new. You can find instructions for downloading and running FRST at the following link:
https://helpdesk.emsisoft.com/Knowledgebase/Article/View/274/55/running-a-scan-with-frst


Unfortunately the client's computer was reformatted and a new install had to be performed. I do have the data files stored elsewhere just in case you have a decryption key.


As far as I am aware, the only way to obtain a decryption key for this particular ransomware is to get it from the criminals who made the ransomware.


There hasn't been any news that I am aware of. If there are any new developments with this (or any other) ransomware, then BleepingComputer will almost certainly publish information about it, so I recommend keeping an eye on their news feed so that you see any new information as soon as it is available:
https://www.bleepingcomputer.com/
