AutoWannaCryV2 Virus – Remove and Restore .wannacryv2 Files
THREAT REMOVAL

AutoWannaCryV2 Virus – Remove and Restore .wannacryv2 Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by AutoWannaCryV2 and other threats.
Threats such as AutoWannaCryV2 may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

AutoWannaCryV2 Virus image ransomware note .wannacryv2 extension

The AutoWannaCryV2 Virus is a test release ransomware targeting English-speaking users on a global scale. The currently released samples of it are early versions that may be updated in further iterations. Refer to our in-depth article for a technical analysis and full removal instructions.

Threat Summary

NameAutoWannaCryV2
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts sensitive information on your computer system with the .wannacryv2 extensions and demands a ransom to be paid to allegedly recover them.
SymptomsThe ransomware will encrypt your files with a strong encryption algorithm.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by AutoWannaCryV2

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss AutoWannaCryV2.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

AutoWannaCryV2 Virus – Distribution Ways

The AutoWannaCryV2 virus is a new ransomware threat that has been detected in the end of July this year. According to the available reports it seeks to primarily target English-speaking users from around the world.

At this point the number of captured samples is low and this does not give out the main delivery method. The hackers behind the AutoWannaCryV2 virus can use all available methods in order to spread the danger.

One of the common tactics is the creation and coordination of email phishing campaigns. They send bulk messages in a SPAM like manner containing web elements taken from various well-known companies or services. The criminals seek to confuse the users into thinking that they have received a legitimate message. The AutoWannaCryV2 virus is usually embedded somewhere in the body contents or directly attached to these fake notification messages.

Another mechanism is the distribution of fake download sites, they attempt to mimic real-world services and portals that are frequently visited by computer users. Along with the emails they are the most popular choice for spreading infected payloads:

  • Infected Documents — The criminals can leverage documents of various types (presentations, rich text files, spreadsheets) with the virus code. Once the files are downloaded and run by the victim users a notification pop-up message will be presented which prompts them to enable the built-in scripts. As soon as this is done the infection will follow.
  • Installers — The same strategy can be applied to application setup packages. The hackers take the installers of famous software from the vendor official sites and bundle them with the ransomware dropper code. The users will have no clue that they are installing the virus as the application guides them through the usual setup steps.

Another dangerous scenario is the inclusion of the virus code in browser hijackers — they represent malicious browser extensions that are usually spread on the associated plugin repositories. They are advertised as useful plugin additions and makes use of fake developer credentials and user reviews.

AutoWannaCryV2 Virus – In-Depth Analysis

The AutoWannaCryV2 virus has undergone a basic security scan that shows that it is descendant from the AutoIt ransomware family. This is a common threat type that uses scripting languages and builders in order to program the virus’s operations.

The fact that the virus is written using this technology makes it very easy for the hackers to customize the behavior patterns.

An example customized version of the AutoWannaCryV2 virus can begin with a data harvesting module. It is configured to extract sensitive data about the users and their computers. This includes personally identifiable information that can be used to directly expose the victim’s identity. This includes their name, address, phone number, location, interests and passwords. Another type of data that can be acquired is information related to the campaign optimization metrics. This is a collection of information that is used to optimize the attacks and consists of information about the installed hardware components and certain operating system values.

This data can then be used by the stealth protection module which can protect the virus engine from security software. This is done by scanning the local system for signatures of anti-virus programs, debuggers and other applications that can intefere with the ransomware’s correct execution. This can result in the blocking of the real-time engines or the deletion of the program altogether.

As soon as this is done the threat may continue with further system changes. A list of some of the possible actions can include any of the following:

  • Windows Registry Changes — The malicious engine can proceed with modifications to the Windows Registry. If they target the entries belonging to the operating system then the overall performance may drop. If individual applications are affected then certain functions may stop working properly.
  • Persistent Installation — The AutoWannaCryV2 virus can be installed in a persistent way. This means that it will modify the boot options by disabling the ability to enter into the recovery boot menu. The threat will be automatically started once the computer is booted.
  • Trojan Component — In certain cases a Trojan component can be installed and started. The most common type is the use of a hacker-controlled server which is used by the controllers. By connecting to it the criminal operator will have access to the victim system’s files. In addition this option allows the hackers to spy on the victims in real time.
  • Additional Virus Installaton — The AutoWannaCryV2 virus infection can be used to deploy additional threats to the infected computers.

Other modifications can be addded at any given time by the hackers. Advanced ransomware can contact the hacker-controlled server in order to acquire newer modules.

AutoWannaCryV2 Virus — Encryption

Once all prior tasks have complete the AutoWannaCryV2 virus will launch the ransomware module. Like other similar AutoIt-based it uses a built-in list of target file type extensions. Typically they include the most popular file types:

  • Archives
  • Documents
  • Backups
  • Images
  • Documents
  • Videos

All affected files are renamed with the .wannacryv2 extension. Instead of a ransomware note it launches a pop-up message reading the:

All your files encrypted! By wannacryV2
Spent time on encryption: 318 seconds

The ransomware engine drops an executable program called wanna cry v2 decryptor.exe that servers as the decryption tool. The sample versions distributed by the hackers can be made into unlocking the victim files with the “123qe” string.

Remove AutoWannaCryV2 Ransomware Virus and Restore .wannacryv2 Files

If your computer got infected with the AutoWannaCryV2 ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Note! Your computer system may be affected by AutoWannaCryV2 and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as AutoWannaCryV2.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove AutoWannaCryV2 follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove AutoWannaCryV2 files and objects
2. Find files created by AutoWannaCryV2 on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by AutoWannaCryV2

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...