If you have not only heard about WanaCrypt0r Ransomware but also encountered it, we advise you to read the rest of our report and learn more about this vicious threat. It managed to infect numerous computers all over the world in a rather short time; researchers say the malicious program was noticed in more than 150 countries. Like other ransomware applications, it damages the user's data by encrypting it and demands a ransom. Currently, there is still no way to decrypt files encrypted by WanaCrypt0r Ransomware, but hopefully, with time, volunteer IT specialists will find a way to develop a free decryption tool. Paying the ransom might seem like the easiest way to get your files back and get rid of the malware; however, we urge you to consider this option carefully, because despite what the threat's ransom note says, there are no guarantees you will be able to decrypt any files. Consequently, we recommend removing the infection.
The reports say WanaCrypt0r Ransomware is not just a file-encrypting application, since it is a worm too. It spread by exploiting particular vulnerabilities in the Windows operating system. It would seem the weak point could be found in both older and newer Windows versions. This is why Microsoft released updates even for operating systems that are no longer being updated. Users were urged to install these latest security updates to secure the system and avoid the malware.
If you still have not updated your system, we would advise you to do it as fast as possible. Even though the reports say the worm is no longer distributed, cyber criminals can come up with other malicious applications, so it would be unwise to leave the computer unprotected. Plus, to keep the computer protected, it is advisable not only to update the system and other outdated software but also to acquire a trustworthy security tool that could help with the task. Obviously, such a tool should always be kept up to date as well so it can recognize newer threats.
Apparently, when WanaCrypt0r Ransomware enters the system it might create a malicious executable file named tasksche.exe. The suspicious file should be placed in C:\Windows and in a randomly titled folder (e.g. cyyrgpdxins781) located in the C:\ProgramData directory. Afterward, the malware should start encrypting various personal files like pictures, photos, text documents, archives, and so on. It would seem the infection has a list of targeted extensions. To give you an example, the threat could encrypt files with .wav, .swf, .fla, .wmv, .mpg, .vob, .avi, .mpeg, .asf, .mov, .mkv, .flv, .wma, .mid, .djvu, .psd, .svg, .nef, .tiff, .tif, .cgm, .raw, .gif, .png, .bmp, .jpg, .jpeg, and many other extensions. The enciphered files should be marked either with the .WNCRYT or .WNCRY extension.
Each directory containing damaged data should have an executable file called @WanaDecryptor@.exe. Our researchers say that opening it should launch WanaCrypt0r Ransomware's window. The pop-up message is the infection's ransom note, as it contains explanations, demands, and instructions on how to make the payment. In this message, the malware's creators answer the question of whether the user can recover their data by saying: “Sure. We guarantee that you can recover all your files safely and easily.” Needless to say, no matter how reassuring they sound, no one can actually guarantee the decryptor will work after you pay the ransom. Thus, we advise you not to risk your money and to find another way to recover the encrypted files, e.g. backup copies on removable media devices, recovery tools, etc. Of course, for safety reasons, it is most advisable to get rid of the worm first.
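The file names and locations described above can be checked with a read-only triage script. The following is an added example, not part of the original report or any vendor tool: it walks a drive root or a mounted disk image and groups the artifacts by kind. The function names and the sample tree are constructed for illustration, and the script assumes the root passed in corresponds to C:\.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXTS = {".wncry", ".wncryt"}   # extensions named in the report
NOTE_NAME = "@wanadecryptor@.exe"        # ransom-note launcher left in each folder
DROPPER_NAME = "tasksche.exe"            # executable dropped by the worm

def scan(root):
    """Walk root without modifying anything and return findings by kind."""
    root = Path(root)
    findings = {"dropper": [], "ransom_note": [], "encrypted": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        d = Path(dirpath)
        parts = [p.lower() for p in d.relative_to(root).parts]
        # Dropper locations per the report: \Windows, or one folder below \ProgramData
        in_drop_dir = parts == ["windows"] or (
            len(parts) == 2 and parts[0] == "programdata")
        for name in files:
            low = name.lower()
            if low == DROPPER_NAME and in_drop_dir:
                findings["dropper"].append(d / name)
            elif low == NOTE_NAME:
                findings["ransom_note"].append(d / name)
            elif Path(low).suffix in ENCRYPTED_EXTS:
                findings["encrypted"].append(d / name)
    return findings

def build_sample_tree(base):
    """Constructed sample layout of empty files mirroring the report's description."""
    for rel in ["Windows/tasksche.exe",
                "ProgramData/cyyrgpdxins781/tasksche.exe",
                "Users/a/Downloads/tasksche.exe",   # same name, other location
                "Users/a/Pictures/photo.jpg.WNCRY",
                "Users/a/Documents/report.docx.WNCRYT",
                "Users/a/Documents/@WanaDecryptor@.exe",
                "Users/a/Documents/notes.txt"]:
        p = Path(base, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in scan(tmp).items():
            print(kind, len(paths))
```

The count of encrypted files per directory gives a quick picture of which folders need restoring from backup once the infection has been removed.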
As you can see, we added our recommended deletion steps below the text, although we would rather advise using reliable antimalware software, especially if you are not experienced in removing malicious programs like WanaCrypt0r Ransomware. Nonetheless, if you feel you can manage, you could try erasing the worm manually by following the provided instructions. Lastly, if you need any further assistance or have any questions related to the infection, feel free to add a comment below the text or reach us via social media.
Windows 8/Windows 10
Windows XP/Windows Vista/Windows 7