A new ransomware campaign infects user devices and urges victims to join a Russian private military company (PMC), the Wagner Group.
According to cybersecurity researchers at Cyble, the Wagner ransomware doesn’t demand sensitive information or money. Instead, it aims to recruit the owners of infected devices to join PMC Wagner – a Russian paramilitary organisation that is reportedly the private army of Yevgeny Prigozhin.
The ransom note left by the malicious software is titled “Official Wagner PMCs Employment Virus” and claims that the group is “going to war against Shoigu.” This is referring to Minister of Defence and Russian politician Sergei Kuzhugetovich Shoigu. Additionally, the note ends with “Greetings from Prigozhin,” indicating the group’s leader.
Researchers claim this ransomware aligns with the Wagner Group’s Telegram channel, but the PMC has yet to publicly announce ownership over the malware. The threat actors behind the ransomware are currently unknown.
The report states the Wagner ransomware is a variant of the Chaos ransomware, a version of another malware variant called RYUK. Wagner encrypts data stored on the C: drive, including documents, contacts, OneDrive data and more. Once encrypted, the files are renamed with a “.Wagner” extension.
“We discovered that the ransomware sample was initially submitted on VirusTotal from Russia,” Cyble researchers state. “Since the ransom note is also written in Russian, it suggests that the ransomware may primarily target victims within Russia.”
The Wagner Group was founded in 2014 and is owned by Yevgeny Prigozhin, a former ally of Russian President Vladimir Putin. According to US officials, it is made up of thousands of mercenaries and recently staged a short-lived “march of justice” in Moscow.
The ransomware targets Russian individuals, but having malicious software on your system – whether it asks for money or wants to recruit victims – isn’t something anyone wants. It’s a good idea to know how to detect and stop ransomware.
How to stop ransomware
The problem with ransomware is that it’s tricky to get rid of. Even Bitdefender’s Director of Threat Research states that “ransomware is irreversible.” However, this doesn’t mean you can’t be prepared, as there are ways to block and prevent your data being taken.
The most important step in keeping your data safe is to have a backup of your files. This can be through Apple iCloud, Google Cloud Storage, Microsoft OneDrive or any app that lets you keep your important data safe. In the case of a ransomware attack, your files will be easily recoverable since they’ve been backed up. They may not be as up to date, but at least you’ll have access to them.
Use an antivirus to block ransomware
Your PC’s ransomware protection offers a reliable way to keep your personal information and files safe from threat actors, but the best antivirus software can do a lot more to fend off malware.
Providers such as Bitdefender, Norton 360 and Malwarebytes have excellent detection and protection rates that defend against all forms of malware, meaning they can block and get rid of ransomware before it gets its hands on your personal files. They also analyse and scan through malicious websites and emails to make sure you don’t mistakenly download malware in the first place. Furthermore, some subscription packages come with 100GB of cloud storage, which is perfect for stopping hackers keeping your private data hostage.
For a better look at different antivirus software and which is the best for you, check out our reviews:
- Bitdefender review: All-in-one premium security
- Norton 360 Platinum review: Security multiplied
- Malwarebytes review: Premium is the way to go
Use ransomware protection
Windows 10 and Windows 11 come with ransomware protection as part of Microsoft’s Windows Security suite. It’s a handy security tool that restricts applications from accessing, changing or encrypting the files in specific folders. This is key in defending against malware such as ransomware, as it prevents hackers from sneaking their way into folders to steal and lock down your private data.
You just need to turn on Controlled folder access. Here is a brief guide:
- On your device, type in “Virus & threat protection” in the search field located on the taskbar.
- Select Virus & threat protection.
- A window will pop up. Under Virus & threat protection settings, select Manage settings.
- On the next page, make sure to turn on Real-time protection.
- Scroll down and select Manage Controlled folder access.
- Switch on Controlled folder access.
With this turned on, key folders such as Windows system folders and your default documents and pictures folders will be protected by default. You can add more trusted folders to protect by selecting Protected folders > Add a protected folder.
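The same steps can be scripted with the Microsoft Defender PowerShell cmdlets, which helps when setting up more than one PC. This is an added example, not part of the original article; the `$ExtraFolder` path and the `-AuditOnly` switch are hypothetical names chosen for illustration, and the script must run in an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Windows Security steps above.
param(
    [string]$ExtraFolder = 'D:\Projects',  # hypothetical path, replace with your own folder
    [switch]$AuditOnly                     # hypothetical switch: log would-be blocks, do not block
)

# Get-MpPreference reports the state as a number: 0, 1 or 2.
$stateNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

$before = Get-MpPreference
Write-Host "Real-time protection off: $($before.DisableRealtimeMonitoring)"
Write-Host "Controlled folder access: $($stateNames[[int]$before.EnableControlledFolderAccess])"

# Step 1: real-time protection must be on for Controlled folder access to work.
if ($before.DisableRealtimeMonitoring) {
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# Step 2: switch on Controlled folder access (or audit mode for a trial run).
$mode = if ($AuditOnly) { 'AuditMode' } else { 'Enabled' }
Set-MpPreference -EnableControlledFolderAccess $mode

# Step 3: add an extra protected folder if it exists and is not already listed.
if ((Test-Path -LiteralPath $ExtraFolder) -and
    ($before.ControlledFolderAccessProtectedFolders -notcontains $ExtraFolder)) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
}

# Verify the resulting configuration rather than assuming the change applied.
$after = Get-MpPreference
Write-Host "Controlled folder access now: $($stateNames[[int]$after.EnableControlledFolderAccess])"
Write-Host "Extra protected folders:"
$after.ControlledFolderAccessProtectedFolders | ForEach-Object { Write-Host "  $_" }

# Review recent events: 1123 = a change was blocked, 1124 = a change was audited.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Running it with `-AuditOnly` first shows which of your legitimate programs would be blocked before you enforce the setting.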
What is ransomware?
Ransomware is a type of malware that cybercriminals use to restrict access to files on a victim’s device, encrypting user data and demanding a ransom payment in order to gain access to them. If users don’t comply, these hackers will threaten them by leaking personal data they’ve locked down. It’s like someone changing the lock on your door, making new copies of a key, and asking for an outrageous sum of money to gain access to your property again – or they’ll sell off everything you own.
If a ransom is paid off, hackers will release the decryption key for users to gain access to their files again – or so they say. Furthermore, threat actors will make large claims that they haven’t just locked your files but have also obtained sensitive information on your device (a.k.a. data theft), convincing you they can easily leak your data online. However, they may not have this data at all; cybercriminals are just bluffing their way to stealing your hard-earned cash.
These fear tactics convince victims that they must fork over a specific ransom, but these hackers may not give you access to your files once you’ve made the transaction, and they may not even have your data at all. This is why it’s important to never comply and to make sure you have the right ransomware protection so you’re never in this position in the first place.