Ransomware Research
WannaRen Ransomware
WannaRen is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2020, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: WannaMine.
Quick Facts
- Ransomware Family
- WannaRen
- First Seen
- April 1, 2020
- Known Aliases
- WannaMine
How WannaRen Ransomware Works
Targeted Files
x86 dll, protected with VMProtect
File Encryption Patterns
WannaRen modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..WannaRenRansom Note and Payment Demands
After encrypting files, WannaRen displays ransom notes demanding payment for file recovery:
Ransom message:
notes/note.txt
想解密请看此文本.txtRansom message:
notes/想解密请看此文本.txt
Note locations:
EveryFolder想解密请看此文本.gifRansom message:
notes/想解密请看此文本.gif
Note locations:
EveryFolderTechnical Indicators
Associated Executable Files
The following executable files are associated with WannaRen ransomware:
@WannaRen@.exees.exewwlib.dllwwlib.bin
Elastio Can Help You
Don't let WannaRen ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This WannaRen ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like WannaRen.
Last updated: July 30, 2025