DataWait Ransomware

What is DataWait Ransomware?

Your files are in grave danger if DataWait Ransomware has encrypted them. The infection uses an algorithm that cannot be cracked easily. Using this algorithm, the data of the files is changed, and the files become unreadable. Additionally, the “.DATAWAIT” extension is added to the original names, and that is how you might identify the corrupted files. Otherwise, you can try to open them, but you will see that it is not possible. Unfortunately, once files are encrypted, they might be unrecoverable. In the best-case scenario, all of your personal files are backed up, and you can easily replace the corrupted files with backup copies after deleting DataWait Ransomware. If you want to review your backups, do NOT do that using the infected machine. Remove the threat first and then connect to other devices or cloud accounts. What about the private key that, allegedly, should restore your files? Do not pay for it, or you will lose your files and your money.

How does DataWait Ransomware work?

DataWait Ransomware, according to the Anti-Spyware-101.com research team, belongs to the STOP Ransomware family. A few other threats that belong to it include Savefiles@india.com Ransomware and KEYPASS Ransomware. These infections are dangerous because they can slither in silently. For example, unguarded RDP channels could be used by the infection to invade. Also, you could be tricked into executing it yourself by opening spam email attachments. Once the launcher of DataWait Ransomware is executed, the encryption process starts. To distract you, the infection displays a pop-up that seems to represent a Windows update. The funny thing is that Windows 10 users should face the same window. At the end of the process, the fake update window might remain on the screen until the computer is restarted. Besides encrypting files, the threat can also disable the Task Manager, as well as disrupt explorer.exe. Our research team found this service crashing at random times. This will not stop until you remove the infection from your Windows operating system.

Once DataWait Ransomware is settled in, it creates “!readme.txt”. This file is created in every folder that contains encrypted files, and it displays a message. According to it, a private key and decryption software must be purchased if the victim wants to decrypt files. At the time of research, the price was set at $290, and 72 hours were given to complete the payment. Since there is no information as to where this money is supposed to go, the victim might be convinced that they need to contact cyber attackers via BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch (BitMessage app) or via savefiles@india.com. We do not recommend contacting cyber criminals at all. Paying the ransom is not a good idea either because the chances of you receiving software capable of decrypting files are slim to none. Save your money and invest it somewhere else. If a miracle happens and you manage to decrypt your files, remember that you need to delete DataWait Ransomware anyway.

How to remove DataWait Ransomware

Deleting DataWait Ransomware manually can be a challenge with the blocked Task Manager and the dysfunctional Explorer. That being said, it is not impossible. We have created a full guide that will help you remove all malicious components one by one; however, you must keep in mind that some components might have unique names. Also, we do not know where the launcher .exe file is, or what its name is. If manual removal of DataWait Ransomware is just too complicated, install anti-malware software. If you find the right program, do not be afraid to invest in it because it will ensure that your system is clean and is protected in the future. As long as your system’s security defenses are strong, and your personal files are backed up, malware will not be able to touch you. Of course, new threats emerge every single day, and so you need to be careful. Always keep your security software updated and avoid unreliable downloaders, suspicious files, strange links, and so on.

Removal Instructions

  1. Find the [unknown name].exe launcher file, right-click it, and choose Delete.
  2. Launch Windows Explorer by tapping Win+E.
  3. Enter %USERPROFILE%\Local Settings\Application Data\ (or %LOCALAPPDATA%) into the bar at the top.
  4. Right-click and Delete these components:
    • script.ps1
    • \{random name folder}\{random name}.exe
    • \{random name folder}\2.exe
    • \{random name folder}\4.exe
    • \{random name folder}\updatewin.exe
  5. Exit Explorer and then launch RUN by tapping Win+R.
  6. Enter regedit.exe and hit OK to launch Registry Editor.
  7. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  8. Right-click and Delete the value named SysHelper (should point to the {random name}.exe file).
  9. Exit Registry Editor and then Empty Recycle Bin.
  10. Install a trusted malware scanner and inspect your operating system for leftovers.
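
The components named in the steps above can also be located from a PowerShell prompt, which helps when Explorer and Task Manager are not usable. This is an added example, not part of the original guide: it only reports and deletes nothing, it assumes PowerShell 4.0 or later, and the names Add-Finding and $findings are its own.

```powershell
# Added example: read-only audit for the artifacts named in the removal steps.
# It deletes nothing. Assumes PowerShell 4.0+ (Get-FileHash).
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Kind, [string]$Path, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Path = $Path; Detail = $Detail })
}

# Steps 7-8: the SysHelper autorun value under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'SysHelper')) {
    Add-Finding 'RunValue' "$runKey\SysHelper" $run.SysHelper
}

# Steps 3-4: script.ps1 and the dropped executables under %LOCALAPPDATA%.
$base = $env:LOCALAPPDATA
$ps1 = Join-Path $base 'script.ps1'
if (Test-Path -LiteralPath $ps1) { Add-Finding 'Script' $ps1 '' }

$dropNames = '2.exe', '4.exe', 'updatewin.exe'
foreach ($dir in Get-ChildItem -LiteralPath $base -Directory -Force -ErrorAction SilentlyContinue) {
    $exes = @(Get-ChildItem -LiteralPath $dir.FullName -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue)
    # A folder counts only if it holds one of the fixed names from the guide;
    # every .exe in it is then listed, which surfaces the randomly named one.
    if ($exes | Where-Object { $dropNames -contains $_.Name }) {
        foreach ($exe in $exes) {
            $sha = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            Add-Finding 'Executable' $exe.FullName "SHA256 $sha"
        }
    }
}

# Scope of damage: encrypted files and ransom notes in the user profile.
$scan = @{ LiteralPath = $env:USERPROFILE; Recurse = $true; File = $true; Force = $true; ErrorAction = 'SilentlyContinue' }
$encrypted = @(Get-ChildItem @scan -Filter '*.DATAWAIT')
$notes     = @(Get-ChildItem @scan -Filter '!readme.txt')
Add-Finding 'Summary' $env:USERPROFILE "$($encrypted.Count) .DATAWAIT files, $($notes.Count) ransom notes"

$findings | Format-List
```

If the RunValue entry points at one of the listed executables, that folder is the one to remove in step 4.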

Stop these DataWait Ransomware Processes:

57ea59c78c54676a2f76611f841d8e197a0fffc1a1c2e4f7a5b86c4210f54781.exe