Wana Decrypt0r Ransomware

Posted by Lisa Blanc on May 19, 2017

What is Wana Decrypt0r Ransomware?

When Wana Decrypt0r Ransomware invades, it does everything to ensure that your files are encrypted for good. It deletes Shadow Volume Copies and disables Startup Repair. It is even capable of overwriting the files that are stored in cloud storage if files are synchronized automatically. The encryption key utilized for the encryption of files is complex, and it is impossible to crack it. Basically, if you do not have copies of your personal files backed up on an external drive or a secure storage cloud, you are in trouble. Although the creator of the ransomware wants you to believe that you can decrypt the files using a special decryption tool that costs $300, Anti-Spyware-101.com research team warns that cyber criminals simply cannot be trusted. When they receive your payment, the transaction is complete, and they are not obligated to keep their end of the deal. Although the right thing to do would be to give you what is promised, do you really expect cyber criminals to do the right thing? Hopefully, your files are backed up, and you can delete Wana Decrypt0r Ransomware without further postponement.test

How does Wana Decrypt0r Ransomware act?

While some malware analysts identify the threat by such names as “WannaCry Ransomware” and “WanaCry Ransomware,” the ransom window that pops up right after the encryption is entitled “Wana Decrypt0r 2.0,” which is why that is the name we have chosen to call it as well. When this threat encrypts your files, you should find the “.WNCRY” or “.WNCRYT” extension appended to their names, and that is what should help you identify the corrupted files quickly. If the files you find to be encrypted are backed up, you should not waste any time. Wana Decrypt0r Ransomware can communicate with remote servers, and it is completely unpredictable, which is why the quicker you remove it from your operating system, the better. Of course, you are unlikely to rush the removal if your files are not backed up. According to the information represented via @WanaDecryptor@.exe and @Please_Read_Me@.txt files, you can recover your files only by paying the ransom. To this date, nearly 300 payments have been made to three Bitcoin Addresses (13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94, 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw, and 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn). According to the latest data (note that it is changing constantly), the criminals who have created Wana Decrypt0r Ransomware have already received at least $90,668.53, which is an incredibly large sum of money.

If we take a few steps back and discuss the distribution of Wana Decrypt0r Ransomware, it is important to mention that this infection is executed by a worm that can slither into your operating system unnoticed. An SMBv1 exploit is used for that, and you can prevent the exploitation of this vulnerability only by installing the security updates that are part of the Microsoft Security Bulletin MS17-010 (it is classified as a “critical” update). If the security patch is not applied, the worm can slither in without any warning. The dangerous Wana Decrypt0r Ransomware is clandestine as well, and the victim is likely to notice its existence only after all files are encrypted. So far, vulnerable Windows operating systems in 150 countries have been attacked by this malicious threat, and it was found that the computers that belong to NHS, the Russian Interior Ministry, Indian state police, and other big organizations were corrupted as well. Clearly, the creators of the malicious ransomware are not messing around.

How to delete Wana Decrypt0r Ransomware

Wana Decrypt0r Ransomware is a monstrous infection, and it is far more aggressive than any other recently reported ransomware threat. If it has invaded your operating system, the first thing you must do is check which files were encrypted, which you can do by looking at the extension of the file. Hopefully, these files are backed up, and you can recover them after you remove Wana Decrypt0r Ransomware. However, if your files are not backed up, it is most likely that you will not be able to recover them. Even if you pay the ransom that allegedly can be traded for a decryption key, it is unlikely that you would get what is promised. In fact, it is more likely that you would find yourself without files and your money. Although it is possible to remove Wana Decrypt0r Ransomware manually, using anti-malware software is much more beneficial because it can reinstate full protection. Of course, if you fail to install security updates, malware could invade anyway, and so must be careful with that.

Removal Instructions

  1. Right-click and Deletethese files from all places where this ransomware encrypted files (they might have multiple copies):
    • @WanaDecryptor@.exe
    • @Please_Read_Me@.txt
  2. Delete all suspicious recently downloaded files
  3. Tap Win+E keys to access Explorer.
  4. Enter %WINDIR% into the bar at the top.
  5. Right-click and Delete a file called tasksche.exe.
  6. Enter %ALLUSERSPROFILE% (or %ALLUSERSPROFILE%\Application Data) into the bar at the top.
  7. Right-click and Delete the folder that contains tasksche.exe (the name of the folder is random).
  8. Install a reliable malware scanner and run a full system scan to check for malicious leftovers.
100% FREE spyware scan and
tested removal of Wana Decrypt0r Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *