WIOT Ransomware Joins the Evergrowing STOP/Djvu Ransomware Family
WIOT Ransomware is identifiable by the fact that it appends affected files with the ‘.WIOT’ suffix. This strain of ransomware is identical to the other members of the STOP/Djvu Ransomware family. Like most ransomware strains, it spreads mostly via spam emails, social engineering, and compromised websites.
The WIOT Ransomware Experience
Users will unknowingly download WIOT Ransomware, and then they will suddenly see that their files have been encrypted and rendered inaccessible. They will notice that the affected files have the ‘.WIOT’ extension and there is now a ransom note on their desktop in the form of the ‘_readme.txt’ document. The hackers request a payment of $980 for file decryption, but they are willing to lower that request to $490 in return for prompt payment within 72 hours.
The ransomware owners also provide the user with contact information through 2 emails, helpteam@mail.ch and helpmanager@airmail.cc. Should users communicate via the emails provided, they will be asked to send one locked file to be decrypted for free as proof that the ransomware operators can unlock the encrypted files after receiving payment. We strongly recommend that you do not communicate with the hackers and refrain from paying any ransom, as paying does not guarantee file decryption or resolution to the problem.
Surviving a WIOT Ransomware Attack
If your files were encrypted with an offline encryption key, it might be possible to get them back with a public decryption tool developed for the STOP Ransomware infection. However, if WIOT Ransomware used an online encryption key, getting the files back becomes almost impossible. Therefore, we strongly recommend users keep backups of their files to mitigate the trouble caused by the ransomware infection. We also recommend that you use a reputable anti-malware tool to regularly scan for and remove infections like WIOT Ransomware from your system.
