- Home
- Detectable Ransomware
- WannaRen
Ransomware Research
WannaRen Ransomware
WannaRen is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: WannaMine.
Quick Facts
- Ransomware Family
- WannaRen
- First Seen
- April 1, 2020
- Known Aliases
- WannaMine
How WannaRen Ransomware Works
Targeted Files
x86 dll, protected with VMProtect
File Encryption Patterns
WannaRen modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..WannaRen
Ransom Note and Payment Demands
After encrypting files, WannaRen displays ransom notes demanding payment for file recovery:
Ransom message:
notes/note.txt
想解密请看此文本.txt
Ransom message:
notes/想解密请看此文本.txt
Note locations:
EveryFolder
想解密请看此文本.gif
Ransom message:
notes/想解密请看此文本.gif
Note locations:
EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with WannaRen ransomware:
@WannaRen@.exe
es.exe
wwlib.dll
wwlib.bin
Elastio Can Help You
Don't let WannaRen ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This WannaRen ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like WannaRen.
Last updated: July 30, 2025