Wannacry 3.0 Ransomware Removal Guide


Wannacry 3.0 ransomware is the latest variant of the notorious ransomware infection Wana Decrypt0r, also dubbed Wcry or simply WannaCry, which has caused global havoc in 150 countries and affected over 200,000 computers since it was spotted on May 12, 2017. The infection was launched after a group of hackers stole information on Windows vulnerabilities from the National Security Agency. To be more precise, the attackers used the EternalBlue exploit to infect outdated Windows operating systems, ranging from Windows XP to Windows 8.

The Wana Decrypt0r ransomware scans the system and encrypts huge numbers of files, which has already led to a lot of inconvenience for various institutions, including healthcare centers, schools, and manufacturers. Due to the restricted access to patients' data, the National Health Service in the U.K. had to cancel operations and appointments and issue a statement that people should seek professional care in case of emergency.

When affected by the Wannacry 3.0 ransomware, or any type of ransomware, you should stay calm, even though finding that all your files are no longer accessible is likely to be shocking. Authoritative institutions, including the FBI, advise victims against paying the requested ransom, as there is no guarantee that the attackers are willing to help their victims restore their encrypted data. Paying the sum of 300 in the Bitcoin cryptocurrency is not likely to solve the problem. To compel victims to pay the ransom, the attackers agree to decrypt several files. By paying the money demanded, you only encourage the schemers behind Wannacry 3.0 to continue developing their malicious code. Instead of paying up, you should remove Wannacry 3.0 from the computer and take preventative measures so that the system remains malware-free forever.

Interestingly, the first variant of the Wanna Cry malware has a feature that can stop it from spreading. For example, the release of the Wanna Cry malware was soon experimentally stopped from spreading by a 22-year-old researcher who found the so-called kill switch. The second variant, known as WannaCry 2.0, does not have the kill switch and can be prevented only by patching the OS. This infection was believed to be only a part of the malicious cyber operation.

Fortunately, the kill switch for the Wannacry 3.0 ransomware has been found. IT expert Matthieu Suiche found that the Wannacry 3.0 ransomware connects to ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com, which was immediately purchased and registered to prevent the spread. Wannacry 3.0 ransomware, like its prior counterparts, is programmed to first connect to an unregistered domain. If the infection cannot connect to that specific domain, it continues the operation and encrypts files. If the connection does not fail, the infection terminates itself.

Several other kill switches of the WannaCry malware known to malware researchers include the following domain addresses:

iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com
ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com
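
Since the malware contacts one of these domains before it encrypts, a lookup of any of them from an internal host is worth investigating. The following is an added example, not part of the original article, that flags clients in a DNS query log that looked up the kill-switch domains named on this page; the log layout and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Kill-switch domains exactly as listed on this page.
KILL_SWITCH_DOMAINS = {
    "ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "iuqssfsodp9ifjaposdfjhgosurijfaewrwergwea.com",
    "ayylmaotjhsstasdfasdfasdfasdfasdfasdfasdf.com",
}
# Assumed (constructed) log layout: "<timestamp> <client IP> <qtype> <qname>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def matched_domain(qname):
    """Return the kill-switch domain that qname equals or is a subdomain of."""
    name = qname.strip().lower().rstrip(".")  # ignore case and trailing root dot
    for domain in KILL_SWITCH_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def find_kill_switch_lookups(lines):
    """Map client IP -> first_seen, count and domains for matching queries."""
    hits = defaultdict(lambda: {"first_seen": None, "count": 0, "domains": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        ts, client, _qtype, qname = m.groups()
        domain = matched_domain(qname)
        if domain:
            entry = hits[client]
            entry["first_seen"] = entry["first_seen"] or ts  # log assumed chronological
            entry["count"] += 1
            entry["domains"].add(domain)
    return dict(hits)

# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = """\
2017-05-15T09:12:01Z 10.0.4.17 A www.example.com
2017-05-15T09:12:05Z 10.0.4.23 A WWW.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.
2017-05-15T09:12:09Z 10.0.4.23 A ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com
2017-05-15T09:13:44Z 10.0.4.31 A notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
malformed line
""".splitlines()

if __name__ == "__main__":
    for client, info in find_kill_switch_lookups(SAMPLE_LOG).items():
        print(client, info["first_seen"], info["count"], sorted(info["domains"]))
```

Because the infection continues to encrypt when the connection fails, treat these domains as detection signals and do not block their resolution.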

The ransom notes of the Wannacry 3.0 ransomware and associated versions come in different languages, and malware researchers attempted to identify the group of hackers that carried out such a massive cyber attack. In the beginning, it was believed that the hackers responsible for the cyber attack were from North Korea. Recent evidence shows that the note in North Korean was a translation from a different language. It is now believed that a fluent Chinese speaker could have created the infection. Such a conclusion was drawn after analyzing ransom messages written in 28 languages. Only Chinese and English messages seemed to have been written by a human. Unique content not present in any other message was found substantially different from the rest of the messages analyzed. The English ransom note had one error implying that it had not been written by a native speaker.

Overall, malware researchers can only continue guessing whether this seemingly China-originated infection will be further developed to cause even more damage. For now, it is crucial to take action to remove the Wannacry 3.0 ransomware and make sure that no other malware infections will ever get access to your personal data.

When it comes to malware removal, our advice is to rely on powerful anti-malware software so that no dangerous files are left on the computer. On top of that, anti-malware programs fight off various threats, so we encourage you to implement a reputable security program. In case you want to try removing the Wannacry 3.0 ransomware all by yourself, use the following removal guide, but keep in mind that you delete files at your own risk.

How to remove Wannacry 3.0 ransomware

  1. Delete recently downloaded files from your download directory.
  2. Delete all malware .exe files located in the directories containing encrypted files.
  3. Access the All Users folder in the Documents and Settings directory (Disk C) and check randomly named folders. If you find the file tasksche.exe, delete the whole folder (for Windows XP).
  4. Access the Program Data folder and find randomly named folders. Search for the file tasksche.exe and, if the file is present, delete the folder that contains it (for Windows Vista and later versions).
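
Steps 3 and 4 can be done as a read-only check before anything is deleted. The following is an added example, not part of the original guide: it lists direct subfolders of the two locations named above that contain tasksche.exe and hashes the file for review. The drive-letter paths are assumed defaults, and the script deletes nothing.

```python
import hashlib
import os

# File name and parent folders are the ones named in the removal steps above.
TARGET_NAME = "tasksche.exe"
DEFAULT_ROOTS = [
    r"C:\ProgramData",                       # Windows Vista and later
    r"C:\Documents and Settings\All Users",  # Windows XP
]

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; return None if it cannot be read (locked, denied)."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                digest.update(block)
    except OSError:
        return None
    return digest.hexdigest()

def list_dir(path):
    """Return the directory entries of path, or [] if missing or unreadable."""
    try:
        with os.scandir(path) as it:
            return list(it)
    except OSError:
        return []

def find_candidates(roots=DEFAULT_ROOTS, target=TARGET_NAME):
    """Return (folder, file_path, sha256) for each direct subfolder of a root
    that holds `target` (name compared case-insensitively). Deletes nothing."""
    found = []
    for root in roots:
        for sub in list_dir(root):
            if not sub.is_dir(follow_symlinks=False):
                continue
            for entry in list_dir(sub.path):
                if entry.is_file(follow_symlinks=False) and entry.name.lower() == target:
                    found.append((sub.path, entry.path, sha256_of(entry.path)))
    return found

if __name__ == "__main__":
    for folder, path, digest in find_candidates():
        print(f"review, then delete folder: {folder}\n  file: {path}\n  sha256: {digest}")
```

The hash lets you check the file against your anti-malware vendor's indicators before deleting the folder.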