WannabeHappy Ransowmare Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 133
Category: Trojans

WannabeHappy Ransomware is a relatively new computer infection that was first spotted on the second half of October of 2017. We have found that it is distributed using email spam and unsafe RDP configurations. Removing this extension is highly recommended because it was designed to encrypt your files and then demand that you pay a ransom in Bitcoins to decrypt them. However, the cybercriminals can trick you as they might not send you the decryption key once you have paid. We recommend that you delete this ransomware because the 500 USD-worth of Bitcoins is too much to pay unless you have files that are worth paying this kind of money. However, again, you cannot the cybercriminals’ word for it. To find out more about this infection, please read this description.

Before we discuss how this ransomware functions, we want to go over how its creators distribute it. In typical ransomware fashion, WannabeHappy Ransomware is distributed via email spam. You may receive a suspicious email with an attached file that can pose as a document. However, if you open it then your computer will become infected with this new ransomware, and it will subsequently start encrypting your files. Furthermore, this ransomware can infect your PC if you have an unsafe Remote Desktop Protocol (RDP.) The original file name of this program is “Cryptor.exe” which can be dropped anywhere on your PC, so you may find it difficult to locate on your own.

The encryption method used by this ransomware is not yet known, but we think that it can be strong enough to be quite difficult to decrypt using a third-party decryption tool. This ransomware targets documents, pictures, videos, and other files to encrypt as much valuable information as possible. As a result, you will not be able to access the contents of the encrypted files. This ransomware adds a “.encrypted” file extension to the end of the original extension. Interestingly, the ransom note that is shown once the encryption process is complete says that your files will be decrypted if you do not have to money to pay the ransom for six months so, in theory, you can wait it out. What is more bizarre is the fact that the note says you have 13 hours, 37 minutes and 42 seconds to pay the ransom because it will double if you do not meet the deadline.

The cybercriminals accept payments in Bitcoin only, so you will have to buy 500 USD-worth of Bitcoins to pay the ransom. After you have sent the payment, you have to click the “Validate payment” and then “Report payment” buttons. Once the payment is conferment, you can click the “Get key to decrypt” button to get the key and decrypt your files. However, again, you cannot trust cybercriminals to keep their end of the bargain, so we do not recommend that you pay the ransom.

In conclusion, WannabeHappy Ransomware is a highly malicious computer infection that can infect your PC by stealth and encrypt your most valuable files such as pictures, documents, and so on. If you want to remove it, then we recommend that you get a powerful anti-malware such as SpyHunter to locate this malware so that you could delete it manually.

How to delete this ransomware

  1. Go to http://www.411-spyware.com/download-sph
  2. Download SpyHunter-Installer.exe and install it.
  3. Launch it and select Scan Computer Now!
  4. Then, press Windows+E keys.
  5. Enter the file path of the malicious files in the File Explorer’s address box and press Enter.
  6. Right-click the malicious files and click Delete.
  7. Right-click the Recycle Bin and click Empty the Recycle Bin.
Download Remover for WannabeHappy Ransowmare *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

WannabeHappy Ransowmare Screenshots:

WannabeHappy Ransowmare
WannabeHappy Ransowmare
WannabeHappy Ransowmare

Comments are closed.