New Amnesia Ransomware Variant Poses as WannaCry Clone

Many different ransomware types have come and gone over the past few years. This industry is booming like never before, with new variants rolling out on a regular basis. The Amnesia ransomware strain was once a threat, but a free decryption tool was released earlier this year. However, a new variant of this malware strain surfaced last week, which seems closely related to the WannaCry ransomware strain.

Amnesia Ransomware Mounts a Minor Comeback

The year 2017 has been riddled with new malware and ransomware types arising on a regular basis. The number of new strains can almost no longer be counted, which is not entirely surprising. At the same time, a lot of those strains are no longer threats, as free decryption tools have been provided by security researchers. One of the malware strains to have made somewhat of an impact in 2017 goes by the name of Amnesia.

During the initial stages of Amnesia’s distribution, some ransomware tools were reporting this family as being part of the Globe3 family. That falsehood was corrected quickly. In reality, Amnesia is an entirely new type of malware altogether. This meant it was impossible to decrypt files affected by Amnesia without making a payment. Thankfully, security researchers have since come up with a solution which allows victims to restore access to their files free of charge.

As we have come to expect from ransomware distribution campaigns, Amnesia is mainly distributed via a malicious email attachment. In most cases, the email attachments in question are either PDFs or zip files, which have become the new norm throughout 2017. Amnesia shares a few traits with CryptoMix and other ransomware types. It uses a different encryption algorithm, though, and its developers’ ransom demand remains unknown to this date.

With a new variant discovered earlier this week, it appears Amnesia is trying to make a comeback. That seems rather intriguing, especially considering that the new variant may be decrypted free of charge thanks to the decryption tool recently created by security researchers. Since the new variant was only identified late last week, it is still too early to tell whether or not the new strain can be decrypted free of charge. It is certainly possible this is the case, which would nullify the new variant from day one.

The new variant seemingly mimics the WannaCry ransomware which made headlines all over the world. However, all of the underlying technology still uses the same Amnesia ransomware strain we saw earlier this year. The only difference is how it copied the WannaCry ransom note virtually word for word, though a few parts were modified slightly. Users are still asked to contact the developers directly in order to receive payment instructions.

This new Amnesia ransomware has been distributed on a large scale over the past few weeks. It does not appear any specific region is targeted, as it is more of a global attack right now. However, without knowing whether or not the ransomware can be decrypted free of charge, it is unclear how big a threat this malware poses. It is nevertheless an interesting development to keep an eye on.