DataWait Ransomware Removal Guide

You should not wait when you discover DataWait Ransomware because this is a serious threat that requires immediate removal. Unfortunately, this infection encrypts files before it even reveals itself, and then is demands money in return for the files, which is what is likely to make most stop and think. Although the attacker behind the infection gives you an option to pay money to get a decryptor, this is not really an option you should be taking seriously. Why? Because cyber criminals are ready to promise you anything just to get your money. At the time of research, it was not clear if attackers had already been successful at taking money, but ransomware is so popular and so wide-spread these days not because it is fun but because it is very lucrative. Overall, whether or not you decrypt your files in the end, you must remove DataWait Ransomware, and that is why we created this report.

DataWait Ransomware is almost identical to KEYPASS Ransomware and a few other known threats that are considered to be part of the STOP Ransomware family. These infections always attack vulnerable Windows operating systems, then they encrypt files, and, finally, they ask for money. If we stop at the first step for a moment, it is important to note that cyber criminals can use different methods to spread malicious file-encryptors. Spam emails, misleading downloaders, and security vulnerabilities can all be used to spread the infection. Let’s move to the encryption part now. The encryption of files is silent, and so you are unlikely to notice it at all. Also, the process is quick, so even if you notice encrypted files, you are unlikely to stop the attack in time. In older versions of DataWait Ransomware, a fake Windows update would pop up, and, most likely, this was just a distraction. After encryption, all personal files that are encrypted also gain the “.DATAWAIT” extension (it is added to the original name). Although you can delete this extension, there is no point in doing that because that would not restore encrypted data.

Did you find the “!readme.txt” file along with the encrypted files? This file is created by the malicious DataWait Ransomware itself, and it is safe to open because it is just a regular text file. The message calls for attention and informs that all files with the “.DATAWAIT” extension are encrypted. It then proceeds to inform that files can be recovered with the help of “decrypt software and unique private key.” Then it asks to contact cyber criminals by email (BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch or savefiles@india.com) along with 1-3 small files. Needless to say, the alleged decryption services are not free, and victims are asked to pay $290 within 72 hours. The majority of file-encrypting threats were created for the sole purpose of making victims pay money, and, unfortunately, they are often successful. The problem is that once the creators of DataWait Ransomware and similar threats receive the money, they just disappear leaving their mess behind, and files are not decrypted in the end.

Do not leave your operating system vulnerable to malware attacks. Do not ignore the weakness of your files and back them up to ensure that copies exist. Do not let cyber criminals bully you if they gain access to your computer and your personal files. Unfortunately, it is all easier said than done. Nonetheless, if you secure your operating system and also back up your files, you certainly have better chances of standing for yourself when facing cyber attackers. If your personal files are backed up, just delete DataWait Ransomware already. If you care about your system’s protection in the future, install trusted anti-malware software now, and you will not need to worry about removing DataWait Ransomware or securing your system. If you want to eliminate the threat manually, remember that its components could have unique names. It might be most difficult for you to find and erase the infection’s launcher. If you are having any issues with the removal of this malware, post a comment in the section below.

How to delete DataWait Ransomware

1. Simultaneously tap Win+E keys to launch Explorer.
2. Type %LOCALAPPDATA% or %USERPROFILE%\Local Settings\Application Data\ (depending on your Windows version) into the Explorer’s field at the top.
3. Deletethese files:
   • \[random name]\[random name].exe
   • script.ps1
   • \[random name]\2.exe
   • \[random name]\4.exe
   • \[random name]\updatewin.exe
4. Find and Delete the [random name].exe file that launched the infection (any location is possible).
5. Simultaneously tap Win+R to launch RUN and enter regedit.exe into the box.
6. In Registry Editor move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
7. Delete the SysHelper value.
8. Empty Recycle Bin and then employ a malware scanner to check your system for malicious leftovers.