WannaOof is largely believed to be spreading around via spam email, pirated content and faux updates.
When it infects the user's computer, WannaOof would start a scan and find the file types it was programmed to lock. The next step is the encryption process. WannaOof applies its own extension to the files it has encrypted. The extension is what gave the WannaOof its name - '.oof.' This means that a file the user had given the name 'hand-cream.png' previously would have the WannaOof Ransomware extension added to it and would be called 'hand-cream.png.oof' after the attack has taken place.
The creators of WannaOof state that they want 0.02 Bitcoin (approximately $107, at the time of writing this article) in exchange for the decryption key. There is also a 24-hour timer counting down the time the user have left until their data is lost forever, or so the attackers promise.
It is likely that the name of the extension was inspired by a meme that got very popular in 2018 – the Roblox (video game) death sound.