WantToCry Ransomware Encrypts Most File Types

WantToCry is a type of ransomware designed to encrypt data and modify filenames by adding the extension ".want_to_cry." Upon encryption, the ransomware presents victims with a ransom note named "!want_to_cry.txt," containing contact details and payment information. As an example of its file-renaming process, WantToCry transforms "1.jpg" into "1.jpg.want_to_cry" and "2.png" into "2.png.want_to_cry."

The ransom note offers to decrypt the files for a fee of 300 USD. To initiate the decryption process, the victim is directed to a specific website to download and install qTOX software on their PC. They are then guided to create a new profile, add a designated contact, and send a message with a provided string.

Furthermore, the victim is advised to send three test files of limited size directly, as the ransomware operators do not accept download links from third-party sources or very large files, such as database files. In return for this communication, the operators assure the victim of providing payment instructions and decrypted files. The demanded payment is in the form of Bitcoin cryptocurrency.

WantToCry Ransom Note in Full

The complete text of the ransom note generated by WantToCry reads as follows:

All your data has been encrypted by --WantToCry-- r@n50mw@re

You can buy decryption of all files for 300 USD.

For this:

Visit hxxps://tox.chat/download.html

Download and install qTOX on your PC.

Open it, click "New Profile" and create profile.

Click "Add friends" button and search our contact -

963E6F7F58A67DEACBC2845469850B9A00E20E4000CE71B35DE789ABD0BE2F70D4147D5C0C91

Send a message with this string:

Send 3 test files. These should be files of no more than 20-30 MB each. We do not accept download links from third-party resources. We do not accept very large files, such as database files.

In response, we will send payment instructions and decrypted files. Payment is made in the Bitcoin cryptocurrency.

How Can You Proactively Guard Your Data Against Ransomware?

Proactively guarding your data against ransomware involves implementing a combination of preventative measures and best practices. Here are some steps you can take to enhance your data security:

Regular Backups:
Regularly back up your critical data and ensure that backups are stored offline or in a separate, isolated environment. This makes it harder for ransomware to target both your primary data and backups.

Update Software and Systems:
Keep your operating system, antivirus software, and all applications up to date. Regularly applying security patches helps address vulnerabilities that ransomware might exploit.

Use Antivirus and Anti-Malware Software:
Install reputable antivirus and anti-malware software and keep it updated. These tools can help detect and prevent ransomware infections.

Network Security:
Implement strong network security measures, including firewalls, intrusion detection and prevention systems, and virtual private networks (VPNs) to protect against unauthorized access.

Access Controls:
Restrict user access to the minimum necessary for their roles. Limit administrative privileges to reduce the impact of a potential ransomware attack.