WannaRen Ransomware Removal Guide

WannaRen Ransomware is a terrible infection that can encrypt your files, but if that has happened already, we want to inform you that a private key that should decrypt your files has been made public. Scroll down to the manual removal instructions below to find this key. We cannot guarantee that all victims of this dangerous infection will be able to restore their files using the same private key, but that is what we are hoping for. Alternatively, victims could use the backup copies of their files to replace the ones that were corrupted. What we do not see as a solution is paying the ransom that the attacker behind this dangerous infection requests. The quest is made via a window that the infection launches once all of the intended files are encrypted. All in all, regardless of what you end up doing about the ransom and about the decryption of your files, this story needs to end with the elimination of the infection. Do you know how to delete WannaRen Ransomware from your operating system?

If WannaRen Ransomware has invaded your system, you might remember downloading something new onto your computer. For example, Notepad++ has been found to be used for the distribution of the threat. Without a doubt, you need to be very careful about what files you download and what sources you download them from. If the source is not reputable, and if the file is not presented in a transparent way, you should not install it. Note that WannaRen Ransomware is not the only infection that is spread that way. All in all, if you were tricked into downloading a bundle that hid the ransomware, a PowerShell script must have been executed, and then the ransomware itself must have been installed. Along with it, a cryptocurrency miner could have been dropped as well. While a ransomware is impossible to not notice, and you should realize that you need to delete it soon after it invades, a miner can stay hidden, and if it does not cause your computer to overheat, lag, or crash, you might not notice anything bad happening. We recommend installing a malware scanner to see exactly what it is that you need to remove.

If your operating system is part of a larger network of systems, WannaRen Ransomware could try to invade them using an EternalBlue vulnerability. Due to this functionality, it is believed that this malware was created to attack larger companies, and not individual Windows users. Regardless, when this malware slithers in, it encrypts files, and then it launches the “WannaRen” window to present instructions. According to them, the victims of this malware need to pay a ransom of 0.05 Bitcoin in return for a private key that should restore all files. 0.05 BTC might sound like a small sum, but in Chinese Yuan, it converts to around 2,500. After the payment, the victim is also meant to confirm it by sending a message to WannaRenemal@goat.si. You have to decide what you want to do, but even if the decryption key was not public, we would not recommend paying the ransom and especially contacting the attackers. Most victims who pay ransoms in return for decryptors end up with nothing in their hands, and their inboxes get flooded with new misleading and intimidating messages from cybercriminals instead.

Whether you get your files back or not, you must remove WannaRen Ransomware from your operating system. You also need to secure it to prevent new infections from invading. While you should minimize your chance of facing other file-encryptors in the future if you implement trusted anti-malware software, you still need to take precautionary measures. One of them is to back up all important files. Whether you are operating a computer at work or at home, you want to make sure that you have copies in case someone encrypts your files, steals your device, or if physical damage occurs. We recommend using both online clouds and external drives to keep copies of your personal files safe. Another thing you need to take care of is your own behavior. Note that if you remain careless when downloading files, visiting unfamiliar websites, or even interacting with spam emails, you could face new infections sooner than you think.

How to delete WannaRen Ransomware

1. Enter the decryption key (see below) into the infection’s window.
2. Tap Win+E keys to launch File Explorer.
3. Enter the following lines into the filed at the top to check for malicious files.
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
   • %TEMP%
4. If you think you have found malicious files, Delete them immediately.
5. Empty Recycle Bin and then use a legitimate malware scanner to check if you have succeeded.

WannaRen Ransomware decryption key:

MIIEowIBAAKCAQEAxTC / Igjuybr1QbQ1RmD9YxpzVnJKIkgvYpBrBzhsczHQ8WeC
7ikmC5jTbum1eCxTFTxvtnONEy2qDbnSS5fbK / lxYExj6aDLKzQxXCOVSdSQCesW
g1i5AAdUC9S246sdS9VKxT0QL24I + SG + ixckBhcB + ww6z47ACegoH0aLDwvRvehZ
Ycc1qFr1lhRXQpHunrlg4WRphH5xBbszOI + dFRDOpprnbN56CHoLb0q1SzzV3ZFA
FF6Df68Pux1wMHwEXbULRHo5AIZJPJq8L9ThWVsj6v42jAjJQ8m8bRh0 + Jz4Rohk
WwPgL + VFxDG2AiiCU5 / yLNoQX0JM9VWBxy6Z3QIDAQABAoIBADi / KoH06CMNtn7O
CXbTepgGiKKcCVGMTHak8OgHCM6ty19tVnSLSvOTa2VDxIFs4AwAdHWhEzwtq / 5 /
N1GhxeUFx + balPYq28z3HC1T4CZ7EWiJStVJtxOXCEzPTkJ + f9PO8dGJHRtJIzPu
zhLg + fD2tg81GceZYRJ4yPMXLfWKA5DmGkRv / 1Usq5zvMClLdrmw / q2rnCbRLdeE
EAzSAi9kqsnEaZKfCbXb / gby + bUwAgn7mxs + CJ611hzD / r2w9dgXkaUJYuKRRv + B
GlQHBRQ7hXogkIzeaGqmw8M3xko7xzADsytFYxt2Kthuww2YV4E6Q1Hl4bBW0q + g
w + jSolECgYEA0Tnns + LaqMd5KCQiyWlCodQ2DtOMOefhIrJbRhdAkAq6FtVICxkL
nIJL0gmo4T / zDaMr8vsn7Ck + wLjXUsYt1 / EulLtVnuH76FU0PkjJqBdre5Gjf23 /
YGHW7DJEoH3p / 7DIgV4 + wXPu6dD + 8eECqwm1hLACOxkfZnOFZ1VGxeMCgYEA8UYH
jaA69ILlz0TzDzoRdTmam6RDqjsVO / bwaSChGphV0dicKue25iUUDj87a1yLU5Nq
t0Kt0w1FL / iile1Eu4fe4ryukPGw2jAZh / xq7i2RRSFLXim5an9AbBVQ55478AJa
sTaIOSoODgBspsBLShnXQRKEfwYPv2GthhcJLT8CgYAssRDERQ3uBYXkxCtGGJzq
Enllm1yVtelKTwzeIPNikVgErpRQAo6PZOmrOPMBAnb5j8RAh9OUR48m / ZTJEpoS
SWtoy8dTQ / RaQXECaOviYvZLk + V3v9hQDzYoh + hO2 / aS7oE12RrQmeILwd / jbOvz
+ wPyDuK7GvexG7YAR5 / xfwKBgQCA8p6C0MnxeCv + dKk60BwYfKrm2AnZ5y3YGIgw
h2HS5uum9Y + xVpnnspVfb + f / 3zwPdNAqFZb1HziFBOtQGbkMSPeUUqcxjBqq4d4j
UYKMvQnQ2pR / ROl1w4DYwyO0RlteUMPLxotTkehlD1ECZe9XMSxb + NubT9AGxtuI
uLMM3QKBgGl0mYCgCVHi4KJeBIgabGqbS2PuRr1uogAI7O2b / HQh5NAIaNEqJfUa
aTKS5WzQ6lJwhRLpA6Un38RDWHUGVnEmm8 / vF50f74igTMgSddjPwpWEf3NPdu0Z
UIfJd1hd77BYLviBVYft1diwIK3ypPLzhRhsBSp7RL2L6w0 / Y9rf