Emsisoft Releases Bug Fix for Bitcoin-Ransoming Malware WannaCryFake

Software firm Emsisoft released a bug fix for the bitcoin-ransoming malware WannaCryFake.

AccessTimeIconSep 25, 2019 at 8:35 p.m. UTC
Updated Sep 13, 2021 at 11:29 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Software firm Emsisoft released a bug fix for the bitcoin-ransoming malware WannaCryFake.

Announced today in a blog post, the free software will help recover encrypted files without leading to data loss.

Unlike real crypto-mining exploits, ransomware is dependent on extortion to reap a reward. Ransomware attacks increased 118 percent in 2019, equaling 504 new threats per minute, in the first quarter, according to a McAfee report.

WannaCryFake is a variant of the infamous WannaCry ransomware that targeted Microsoft computers in 2017. It locks victims’ files using AES-256, or the advanced encryption standard.

An infected victim will receive a message that says:

“You have to pay for decryption in bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.”

Victims are instructed to contact the ransomware distributors through ProtonMail or Telegram, and are then provided steps on how to send bitcoin through Pidgin.

Though the virus suggests LocalBitcoin’s as the “easiest way to buy bitcoin,” it also sources CoinDesk’s beginners' guide to bitcoin for users unfamiliar with the digital currency.

The malware also warns, “Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.”

Once downloaded, the Emsisoft Decryptor uses the encrypted file and the original unencrypted version to piece together the keys needed to decrypt locked data. Because the protocol uses filename extensions to determine the encryption parameters, users are instructed not to rename their files.

Emsisoft’s software allows users to keep a record of the decryption process by using the Save Log button.

In addition to an increase in bitcoin ransoming malware, crypto-jacking scams are up 29 percent in the first half of 2019, despite the difficulty in mining due to bitcoin’s increasing hash rate.

Hacker photo via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.