f.wnry

Threat Actor Profile Updated 13 days ago
f.wnry is a threat actor involved in the execution of malicious activities, specifically ransomware attacks. The modus operandi involves encrypting an Advanced Encryption Standard (AES) key with a randomly generated RSA key. This process is initiated by writing the file path to the file f.wnry. If the f.wnry file doesn't exist during initialization, the malware generates a random number, provided the file size is less than 209,715,200 bytes. However, if the random number isn't a multiple of 100 or if the f.wnry file already exists on the system, the malware proceeds to encrypt the AES key.

The encrypted files are then stored in a list within the f.wnry file. These files are chosen at random and encrypted using an embedded RSA private key. This process allows the WCry ransomware to demonstrate decryption capabilities to its victims via the @WanaDecryptor@.exe module, which is identical to u.wnry. It's worth noting that if a victim attempts to decrypt their files without paying the ransom, the malware will decrypt the files listed in the f.wnry file.

The ransomware also uses various techniques to prevent recovery and ensure persistence. For instance, it deletes shadow copies and disables recovery options, making it harder for victims to restore their systems to a pre-infection state. Victims are then directed to pay a specified amount in Bitcoin to a given address. Failure to comply with these demands may result in the permanent loss of encrypted data.

In summary, f.wnry represents a significant cybersecurity threat due to its sophisticated encryption methods and persistent tactics.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the f.wnry Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | WCry (WannaCry) Ransomware Analysis
MITRE | a year ago | WannaCry Malware Profile | Mandiant