What is Wixawm Ransomware?

What is Ransomware ?

Ransomware is a type of malware that encrypts a target systems files in order to demand a ransom to restore access to the locked data. The ransomware may be coupled with a Trojan to grant the attacker's computer network access.

How does Ransomware Spread?

Ransomware can be spread in several ways. The most common is phishing, in which an attacker uploads a file with malicious code into an unsuspecting user's computer. The file is disguised as a document or other file that the user is likely to trust. Ransomware can also be spread by installing pirated software, drive-by-download, or social engineering tactics.

About Wixawm Ransomware

Wixawm is a type of malware belonging to the ransomware family and is spread through a Win32 EXE file. Wixawm encrypts all the files in a computer until the user pays a ransom. Files encrypted by Wixawm will have a Files encrypted by Wixawm Ransomware are appended with a .wixawm extension at the end of the file name. 

Wixawm Ransomware has also been spotted inside the following files and processes: ['wixawm@gmail.com.exe,(MJ-IX7198063254)(wixawm@gmail.com).wixawm (copy)', 'wixawm@gmail.com.exe']

Wixawm is a ransomware that encrypts files with the following extensions: .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .ods, .jpg, .jpeg, .bmp, .gif, .png, .psd, .ai, .eps, .pdf, .ps, .eps, .ai, .3ds, .max, .cdr, .cdrw, .dwg, .dxf, .dgn, .dwg, .dxf

Wixawm Ransomware Capabilities

• Spawns processes 
• Reads the hosts file 
• Queries a list of all running processes 
• Performs DNS lookups 
• Drops executable to common a third party application directory 
• Creates a start menu entry (Start Menu\\Programs\\Startup) 
• Infects executable files (exe, dll, sys, html) 
• Uses HTTPS 
• Disables the windows firewall (over ALG) Uses net.exe to stop services 
• Uses HTTPS for network communication, 
• Writes ini files 
• Queries the volume information (name, serial number etc) of a device 
• Uses net.exe to stop services 
• Creates files in the recycle bin to hide itself 
• Uses bcdedit to modify the Windows boot settings 

How to Protect Against Ransomware?

There are a number of things that you can do to protect yourself from ransomware. The first thing is to make sure that your anti-malware software is up-to-date. You can also install firewalls on your device to keep in touch with the internet. Finally, limit the amount of personal information you share on social media and with trusted third parties.\n

• Use a reliable backup tool
• Use security software such as antivirus software to scan your computer for malicious files and then remove them
• Use a strong password and make sure that your devices are always running with the latest security patches 
• Use caution when opening attachments and downloading files from unknown sources
• Never click on links in emails that you're not sure about and never download anything you aren't completely sure about