WannaOof Ransomware

What is WannaOof Ransomware?

WannaOof Ransomware changes computer’s Desktop wallpaper, encrypts pictures, documents, and other user’s personal files, and shows a ransom note asking to pay in Bitcoins or Dogecoins. As always, the ransomware’s developers may claim the user will receive a decryptor in return, but we recommend not to trust them blindly. There are cases when users do not hear from cybercriminals anymore even though they pay the requested sum on time. If you do not want to risk being scammed, you should look for other ways to recover your files. For instance, you could replace encrypted data with backup copies. Needless to say, you should erase WannaOof Ransomware first to make sure it is safe to upload copies or create new files on the computer. To delete it, you could either use the instructions available below or install a legitimate antimalware tool of your choice.testtesttest

Where does WannaOof Ransomware come from?

WannaOof Ransomware could be distributed through Spam emails or unsecured RDP (Remote Desktop Protocol) connections. Moreover, there is also a chance it could travel with fake updates or software installers. Meaning what you have to do to protect your device from such threats is to keep away from websites and emails that could contain unreliable data.

The malware’s launcher could look like a text document or an installer, so being extra cautious with content that does not even look malicious is vital. Naturally, you might be unable to recognize infected files just by looking at them, which is why we advise scanning all downloaded files with a legitimate antimalware tool before launching them. Of course, if you, for example, know who sent you the file and you are sure it cannot be malicious, you could skip the scan. On the other hands, it only takes a couple of moments, and scanning received data could help you dodge a bullet.

How does WannaOof Ransomware work?

The malware should start with the encryption of the user’s personal files, for example, pictures, archives, videos, various documents, etc. One by one, each targeted file should be enciphered and marked with .oof extension.

Later on, WannaOof Ransomware should replace Desktop’s wallpaper with a red image saying the user should follow instructions provided on a pop-up window or else his files “will be lost forever.” The pop-up should contain instructions written on a red background and a timer. According to the message, the user has to pay a ransom of 0.02 Bitcoins in 24 hours. Also, we encountered a version that asked to pay in Dogecoins instead of Bitcoins. Our researchers at Anti-spyware-101.com say users should be able to close WannaOof Ransomware’s pop-ups with no trouble. It is what we recommend if you do not want to pay the ransom, which is quite understandable as there are no guarantees the hackers will provide the decryptor as they promise.

How to eliminate WannaOof Ransomware?

If you choose to erase WannaOof Ransomware, you could try using the instructions available below. They will show how to locate the malicious application’s installer and how to get rid of it. In case the process seems complicated, we recommend employing a legitimate antimalware tool instead. Simply scan the computer with it and wait until you can erase the malware along with other identified issues. Lastly, if you want to ask anything else about WannaOof Ransomware, do not hesitate to leave us a message below.

Remove WannaOof Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Click Windows key+E.
  7. Locate these paths:
  8. Locate the malicious application’s launcher.
  9. Right-click it and select Delete.
  10. Navigate to: %TEMP%
  11. Find an image called wallpaper.bmp, right-click it, and select Delete.
  12. Exit Registry Editor.
  13. Empty your Recycle Bin.
  14. Restart the computer. 100% FREE spyware scan and
    tested removal of WannaOof Ransomware*

Leave a Comment

Enter the numbers in the box to the right *