Updated on 2022-11-27: Life ransomware
Trend Micro said that it detected a new version of the WannaRen ransomware in attacks that targeted Indian users over the month of October. The original WannaRen ransomware was active for only a few days in August 2020, when it infected thousands of Chinese internet users who downloaded copies of a malicious Notepad++ app hosted on local download sites. The ransomware went silent days after the attack, after several Chinese security firms released free decrypters to help users recover their encrypted data. Trend Micro named this new WannaRen variant as Life ransomware, but the company didn’t say if it was still decryptable. Read more: WannaRen ransomware author contacts security firm to share decryption key
Updated on 2022-11-24
The dormant WannaRen ransomware resurfaced as Life ransomware and has been targeting Indian organizations. Read more: WannaRen Returns as Life Ransomware, Targets India
Overview: WannaRen Ransomware Operators Offer Key
A ransomware group responsible for spreading WannaRen ransomware earlier this year has offered up the malware’s decryption key. WannaRen infected tens of thousands of computers belonging to Chinese and Taiwanese companies and home users. WannaRen uses the EternalBlue exploit, which WannaCry operators used in May 2017. Within a week, the malware spread more widely than the operators had intended, so they contacted a cybersecurity company and offered the master decryption key.