Wooly Ransomware

What is Wooly Ransomware?

Wooly Ransomware is a dangerous computer infection that first appeared in Mid-August of 2017. It was designed to encrypt many of your files with a strong encryption algorithm and demand that you pay a ransom for a decryptor/decryption key. Needless to say, you have to remove this malware as soon as you can. This malware can infect your computer through several channels and then do its dirty work, so if you do not have an anti-malware program, then we suggest you get one to protect your PC from the likes of Wooly Ransomware. If you want to find out how this ransomware is distributed, how it works, and how you can get rid of it, we invite you to read this description.

Where does Wooly Ransomware come from?

According to our malware analysts, Wooly Ransomware can be distributed in many ways that include exploiting unprotected Remote Desktop Protocol (RDP) configurations, sending this ransomware is mails to random email addresses disguised as a harmless file. Fraudulent downloads are sometimes also used to make you install this ransomware while thinking that you are installing a legitimate application. Fake software updates and repacked software installers can also be used to inject your PC with this ransomware. Lastly, exploit kits inserted into malicious websites can download it onto your PC secretly. This ransomware can be distributed using any one of the aforementioned methods.  Now let us take a look at how this particular ransomware works.

How does Wooly Ransomware work?

Our researchers have found that this ransomware uses an AES (Advanced Encryption Standard) encryption algorithm to encrypt your files. This encryption method is quite strong, and there is no free decryption tool to get you your files back. Researchers say that this program was set to encrypt files that include MS Office documents, OpenOffice, PDF, text files, databases, photos, music, video, image files, archives, and so on. Indeed, this ransomware can encrypt many files to compel you to pay the ransom. The ransomware aims to encrypt as many files to encrypt as many valuable files that may have added value to you. It appends the encrypted files with a “.wooly” file extension to show you which files were encrypted.

Once the encryption is complete, this ransomware is set to demand that you pay a ransom in Bitcoins. The precise sum to be paid is unknown, but the cyber crooks can ask you from several hundred to thousands of dollars. It targets the wealthier English speaking populations around the globe. We do not recommend that you pay the ransom because you cannot trust cyber criminals to keep their word.

How do I remove Wooly Ransomware?

In summary, Wooly Ransomware is an application dedicated to encrypting your personal files and demanding that you pay a ransom for a decryption key. There is no guarantee that the cyber crooks will send you the decryptor/decryption key. Therefore, we believe that the best solution would be to remove this ransomware. For removing this particular ransomware, we recommend that you get an anti-malware program called SpyHunter and use its free malware scanner to detect Wooly Ransomware and then go to the location of its malicious file and delete it.

Manual Removal Guide

  1. Go to http://www.anti-spyware-101.com/download-sph
  2. Download SpyHunter-Installer.exe and run it.
  3. Launch the program and click Scan Computer Now!
  4. Copy the file path of the executable from the scan results.
  5. Press Windows+E keys.
  6. Enter the file path in File Explorer’s address box and hit Enter.
  7. Find and right-click the executable file and then click Delete.
  8. Empty the Recycle Bin. 100% FREE spyware scan and
    tested removal of Wooly Ransomware*

Leave a Comment

Enter the numbers in the box to the right *