Widia Ransomware is a new threat categorized as ransomware that follows the trend of locking the screen. This malware is completely different from other crypto-ransomware: it prevents users from accessing their files by interfering with the system's regular boot process. The system stops booting at Widia's multicolored lock window, which claims that the victim's files have been encrypted and that, to get them back, the victim must purchase a private recovery key from the hackers. Victims are then asked to pay the ransom within a miserable 24 hours. The hackers behind this malware set up a timer that counts down the seconds to the payment deadline, with the chances of getting the files back becoming more uncertain.
Technical Description Of Widia Ransomware
In fact, Widia Ransomware is not a typical file-encrypting ransomware but works as a screen locker. It has been found to have similarities to LataRebo Locker Ransomware and Levis Locker Ransomware. The pernicious malware was seen to use the following files on the targeted system:
The files in the above list associated with this ransomware are likely meant to avoid the attention of AV scanners and other virus removal tools. Moreover, the malware ensures that it is executed on boot-up by setting an auto-execute command in the registry of the PC. It is also able to make modifications to the following registry keys:
“HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN”; Key: “B60E87WIDIA”; Value: “%WINDIR%\b60e87widia.exe”
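
A read-only check for the Run entry listed above, as an added example that is not part of the original article: it looks for the value name and file name given on this page and changes nothing. The variable names are illustrative, and walking every loaded hive under HKEY_USERS rather than only HKCU is an assumption made so that other logged-on accounts are covered.

```powershell
# Indicators copied from the article; variable names are illustrative.
$IocName   = 'B60E87WIDIA'
$IocFile   = 'b60e87widia.exe'
$RunSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'
$NoExpand  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# The article names HKCU, which is per-user. Assumption: also inspect every
# other user hive currently loaded under HKEY_USERS.
$findings = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes') { continue }   # class-registration hives hold no Run key

    $key = Get-Item -LiteralPath "Registry::HKEY_USERS\$sid\$RunSubKey" -ErrorAction SilentlyContinue
    if (-not $key) { continue }

    foreach ($name in $key.GetValueNames()) {
        # Keep the stored string unexpanded so %WINDIR% stays visible in the report.
        $raw      = [string]$key.GetValue($name, '', $NoExpand)
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        # Match on either the value name or the executable it launches,
        # so a renamed value pointing at the same file is still reported.
        $nameHit = $name -ieq $IocName
        $dataHit = $expanded -like "*\$IocFile*"
        if ($nameHit -or $dataHit) {
            [pscustomobject]@{
                UserSid   = $sid
                ValueName = $name
                ValueData = $raw
                MatchedOn = $(if ($nameHit -and $dataHit) { 'name+data' } elseif ($nameHit) { 'name' } else { 'data' })
            }
        }
    }
}

# Independently of the registry, report whether the file itself is on disk.
$exePath = Join-Path $env:WINDIR $IocFile
$exeInfo = Get-Item -LiteralPath $exePath -Force -ErrorAction SilentlyContinue

if ($findings) { $findings | Format-Table -AutoSize } else { 'No matching Run value in any loaded user hive.' }
if ($exeInfo)  { "File present: $exePath (created $($exeInfo.CreationTime))" } else { "File not present: $exePath" }
```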