Wiki Ransomware

What is Wiki Ransomware?

Wiki Ransomware is a threat that shows a message that mentions the following email address: bitlocker@foxmail.com. The address belongs to the cybercriminals behind this malware, who want to be contacted for payment information. As you see, the hackers claim to have a decryptor that can decipher files affected by this malicious application, and they expect users to comply with their demands if they want to receive such a tool. Sadly, even if you do as told, there are still no reassurances that you will get what is promised. Cybercriminals are not trustworthy people, and so all of their proposals should be considered carefully. To learn more about this threat, we encourage you to read the rest of this article. Also, we advise removing Wiki Ransomware if you want your system to be malware-free or do not wish to risk new data getting encrypted. You can find out more about the malware’s deletion from our article and the instructions available at the end of it.

Where does Wiki Ransomware come from?

You might be surprised to learn that Wiki Ransomware could get in because of some suspicious file launched by you. It could be an email attachment, a software installer, or any other file obtained or downloaded from unreliable sources, for example, spam emails, messages from unknown senders, file-sharing websites, etc.

Thus, if you do not want to launch malicious files accidentally, you should never open data from doubtful sources. Always remember that malware installers can look like text documents, pictures, and similar files. This means you might be unable to tell if a file is harmful just by looking at it. If you want to be certain, you should scan data that raises suspicion or comes from unreliable sources with a legitimate antimalware tool. Such a check-up should not take a lot of your time, and it might help you dodge a bullet.

How does Wiki Ransomware work?

Wiki Ransomware comes from the Dharma/Crysis Ransomware family, which is why it is possible it might be able to start automatically with the operating system. Malicious applications that belong to this family gain this capability by creating a particular Registry entry, which is listed in our deletion instructions available below this article. Once Wiki Ransomware settles in, the malware ought to start encrypting files considered to be valuable or personal. For example, it could encrypt photos, videos, various documents, and so on.

The files that the malware should leave unaffected ought to be data belonging to the infected computer’s operating system. Otherwise, the device could become unbootable, and this would prevent Wiki Ransomware from displaying a ransom note. The note is a window with a lock image that says: “All your files have been encrypted!” It should also explain that they can be decrypted with a particular decryptor and that to get it, one has to pay a ransom.

The note mentions that payment should be made in Bitcoins, but does not mention the sum. Instead, users are given the email address we mentioned at the beginning (bitlocker@foxmail.com). Naturally, we do not recommend attempting to contact the hackers if you do not want to pay the ransom or fear you’ll be scammed.

How to erase Wiki Ransomware?

We advise deleting Wiki Ransomware because it is possible it could restart with every system reboot and encrypt more files. To get rid of this threat manually, you could try to complete the steps listed in the instructions available below. If you think the process is too tricky, we advise installing a legitimate antimalware tool that could remove Wiki Ransomware for you.

Eliminate Wiki Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Press Windows key+E.
  7. Locate these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. Locate the malicious application’s launcher.
  9. Right-click it and select Delete.
  10. Navigate to these locations:
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    %WINDIR%\System32
    %APPDATA%
  11. Find files called Info.hta, right-click them and select Delete.
  12. Navigate to these specific Startup directories:
    %WINDIR%\System32
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  13. Identify suspicious executable files, for example, file.exe; right-click them and choose Delete.
  14. Exit File Explorer.
  15. Press Windows key+R.
  16. Type Regedit and press Enter.
  17. Locate the given Registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  18. See if there are any value names dropped by the threat, for example, file.exe.
  19. Right-click such value names and press Delete.
  20. Exit Registry Editor.
  21. Empty your Recycle Bin.
  22. Restart the computer.
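
The locations from the steps above can also be checked in one pass. The following PowerShell script is an added example, not part of the original instructions: it only lists Info.hta copies, executables, and Run values for manual review and deletes nothing. The helper names (Expand-Env, Find-Files) and the 30-day window used for %WINDIR%\System32 are assumptions made for this example.

```powershell
# Added example: read-only audit of the locations in the removal steps.
# Nothing is deleted; review each hit before removing it by hand.
function Expand-Env([string]$Path) { [Environment]::ExpandEnvironmentVariables($Path) }

function Find-Files([string[]]$Dirs, [string]$Filter) {
    foreach ($dir in ($Dirs | Select-Object -Unique)) {
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -LiteralPath $dir -Filter $Filter -File -Force -ErrorAction SilentlyContinue
        }
    }
}

$startup = @(
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup'
) | ForEach-Object { Expand-Env $_ }
$system32 = Expand-Env '%WINDIR%\System32'
$dropDirs = '%TEMP%', '%USERPROFILE%\Downloads', '%USERPROFILE%\Desktop' |
    ForEach-Object { Expand-Env $_ }

# Step 11: ransom note copies named Info.hta.
$notes = Find-Files -Dirs (@($startup) + $system32 + (Expand-Env '%APPDATA%')) -Filter 'Info.hta'

# Steps 7-8 and 13: executables in the download and Startup directories.
# System32 is full of legitimate binaries, so only recently created ones are
# listed there. The 30-day window is an assumption; adjust it to the incident.
$cutoff = (Get-Date).AddDays(-30)
$exes = @(
    Find-Files -Dirs (@($dropDirs) + @($startup)) -Filter '*.exe'
    Find-Files -Dirs $system32 -Filter '*.exe' | Where-Object { $_.CreationTime -gt $cutoff }
)

# Steps 17-18: values under the per-user Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
$run = if ($key) {
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Data = $key.GetValue($name) }
    }
}

'Info.hta copies:'
$notes | Select-Object FullName, CreationTime | Format-Table -AutoSize
'Executables to review:'
$exes | Select-Object FullName, CreationTime, Length | Format-Table -AutoSize
'HKCU Run values:'
$run | Format-Table -AutoSize -Wrap
```

A Run value whose data points at one of the listed executables is the pairing the manual steps ask you to look for.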