WannaRen is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: WannaMine.
Quick Facts
Ransomware Family
WannaRen
First Seen
April 1, 2020
Known Aliases
WannaMine
How WannaRen Ransomware Works
Targeted Files
x86 dll, protected with VMProtect
File Encryption Patterns
WannaRen modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..WannaRen
Ransom Note and Payment Demands
After encrypting files, WannaRen displays ransom notes demanding payment for file recovery:
message
Ransom message:
notes/note.txt
file想解密请看此文本.txt
Ransom message:
notes/想解密请看此文本.txt
Note locations:
EveryFolder
file想解密请看此文本.gif
Ransom message:
notes/想解密请看此文本.gif
Note locations:
EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with WannaRen ransomware:
@WannaRen@.exe
es.exe
wwlib.dll
wwlib.bin
Elastio Can Help You
Don't let WannaRen ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
This WannaRen ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like WannaRen.