WantMoney Ransomware might be targeted at people from China because a part of its displayed ransom note provides a text in Chinese. Nevertheless, we cannot say users from other countries might not encounter it since the ransom note is written in English too. Either way, we do not recommend concentrating on the hackers’ demands. They may promise to help you decipher data their malicious program encrypted, but as soon as the payment is made such promises could be forgotten. Therefore, instead of risking the asked sum, we would advise users to eliminate the malware. Once the system is clean, encrypted files could be replaced with copies if you have any on removable media devices, cloud storage, or elsewhere. Those who wish to remove WantMoney Ransomware manually should follow the instructions placed below, although if they appear to be too complicated, we would recommend employing a trustworthy security tool.
As usual with threats like WantMoney Ransomware, it could be distributed while using various methods. For example, users might come across its launcher through Spam emails, malicious installers, other infected data, and so on. It is most likely it was some unreliable file you launched the same day the computer got infected. It is difficult to be more precise because the malicious program might work silently in the background and the user could even open more data before the ransom note gets presented. Still, this file should not be forgotten as it could be launched accidentally again. The next time, you come across suspicious data, we would advise you to scan it with a reliable antimalware tool first and only then open it if the chosen tool does not identify any malicious components. As for Spam emails, if you do not think they carry anything important or something you were supposed to receive, it might be best to erase them without opening the attached data.
What happens when WantMoney Ransomware enters the system? Our specialists say it could create data on a few different Startup locations to make the infection launch automatically with each restart. Besides the malicious program might place other files necessary for it to run correctly as well as _Want Money_.bmp and _Want Money_.txt located on %USERPROFILE%\Desktop and %HOMEDRIVE%. The mentioned picture is used to replace user’s Desktop image, and the text document is probably dropped just in case the user deletes the image since it contains the ransom note too. However, both of them are placed only after the malware finished encrypting user’s files and appends a specific second extension at the end of their names (e.g., AETMB-CXQWZ-RTICD-AXQOS.Encrypted[B32588601@163.com].WantMoney1).
The ransom note could say you have to pay 0.1 BTC if you wish to decipher your files. At the moment of writing it is around 1.708 US dollars. Obviously, it is not a sum anyone would easily give up especially when there is a chance it might be lost in vain. Unfortunately, if you decide to deal with WantMoney Ransomware’s developers, you should know there are no reassurances they will deliver what was promised. For this reason, we recommend not to put up with any demands and get rid of the malicious program at once. The instructions you should see a bit below the text can tell you how to erase the threat manually. As for users who prefer automatic features or who find the instructions a bit too complicated, we advise using a trustworthy antimalware tool instead.
Windows 8/Windows 10
Windows XP/Windows Vista/Windows 7