A very nasty Ransomware threat named Wannacry Virus has recently been reported to infect users’ computers and apply a secret encryption to the files found on them. You probably landed on this page because your data has also been locked and some anonymous hackers are now blackmailing you into paying a ransom to get it back. So what should you do? In the next lines, we will offer you a solution against this tricky malware, consisting of a free removal guide and some file-restoration instructions. First, however, we will provide you with some more details about the nature of Ransomware threats and the way they operate. This will give you a better understanding and will help you decide how to act against them.
Gaining a basic understanding of Ransomware…
Among all the nasty threats that might be lurking online, Ransomware is probably the most dreadful. This type of software has been created with one very malicious purpose – to encrypt the users’ files and blackmail them into paying a ransom to decrypt them. Criminal hackers have recently turned this scheme into a very profitable “business”, which brings them enormous profits from every user who agrees to pay the ransom. They keep developing more of these Ransomware threats, and each time they come up with a newer and more advanced version. A typical representative is Wannacry Virus – a nasty cryptovirus which silently sneaks inside your computer and locks all the data found on it with its secret encryption algorithm. Then, this Ransomware places a ransom note on your screen, asking you to pay a certain amount of money for a special decryption key which can reverse the malicious encryption. The deadline for completing the ransom payment is usually very short, giving the victims no time to think, and is often accompanied by various threatening messages.
More flexible and tricky methods are used to distribute the Ransomware…
More and more users are getting infected with threats like Wannacry Virus because these threats use very deceptive and advanced methods of distribution. The hackers usually spread their malicious “baby” with the help of infected electronic messages and fake ads, spam, emails with malicious attachments, misleading links, social shares, sketchy software installers, torrents, and so on. One infection method which proves to be very effective at delivering Wannacry Virus to the user’s machine is the Trojan horse. This type of malware is very hard to detect and usually compromises your computer without any visible symptoms. It creates a vulnerability in the system, through which the Ransomware is reliably delivered to the computer. It also helps the malware remain under the radar of most security software, which is what makes this Trojan-Ransomware combo a real challenge for most security experts. Basically, it is very difficult to prevent and remove Wannacry Virus in time, before it has encrypted your files, and unfortunately, you will only come to know about it when it displays the ransom note on your screen.
Is there anything that can help you after Wannacry Virus has placed its malicious encryption?
To our great disappointment, there aren’t many options to choose from once Wannacry Virus has encrypted your files. Of course, you can always remove the Ransomware from your system with the help of a removal guide like the one below. This will save you from a really nasty and compromising threat, which is important, especially if it comes along with a Trojan. However, this alone will most probably not reverse the malicious encryption which has been applied to your files, and you may still not be able to access them even though the malware is no longer present on your machine. Unfortunately, this is the most dreadful consequence of the Wannacry Virus infection – its encryption usually remains and, apart from the special decryption key, there is hardly anything else which can break it. But don’t lose hope! There are a few file-restoration instructions which may help you save some of your data. We have included them in the guide below and, while we can’t promise you they will work miracles, giving them a try will cost you nothing. You can also try to use some specialized software or ask a professional to help you restore some of your files, but you most probably won’t be able to recover all of your encrypted data. Paying the ransom isn’t a wise solution either, because there is absolutely no guarantee that the hackers will send you the promised decryption key after they receive your money. In most cases, they simply vanish once they get what they want, and there is nothing that can make them remember you and your misery. On the other hand, if you have some external backups or copies of your files, you can use them and minimize your data loss. Just make sure you remove Wannacry Virus first, so it won’t encrypt them as well.
Wannacry Virus Ransomware Removal
Prior to starting to execute the steps from the guide, we advise you to either bookmark this page or open it on a separate device since throughout the process of completing the guide, you might need to exit your browser.
1: Using Safe Mode
Before beginning to troubleshoot the issue, you are advised to enter Safe Mode on your PC. If you do not know how to do that, use this guide on how to enter Safe Mode.
2: Spotting the process
Open your Task Manager using the Ctrl + Shift + Esc key combination. Next, go to the Processes tab and carefully look through the list for any shady entries. Usually, malicious processes will be consuming large amounts of CPU and RAM and will either have no description or have a suspicious-looking one.
Once you identify the virus’ process, right-click on it and select Open File Location. Delete everything in the folder that opens if you are sure that the process was malicious. If you are not sure, contact us in the comments.
Go back to the Task Manager and end the potentially harmful process.
3: Hosts file IPs
Go to your Start menu and, in the search field, paste the following command: notepad %windir%/system32/Drivers/etc/hosts. Select the first result and look at the bottom of the newly opened Notepad file. See if there are any IPs below “Localhost” and tell us in the comments if there are any IP addresses.
4: System Configuration Startup Programs
Type System Configuration in the Windows search bar and open the first result. Go to the Startup tab and take a look at the list of startup programs (on Windows 10, the startup programs can be seen in the Startup section of the Task Manager). If any of them look shady or have an unknown manufacturer or a manufacturer with a sketchy name, uncheck those entries and click OK.
Open the Run window (WinKey + R), type regedit and press Enter. Once the Registry Editor opens, press Ctrl + F and type the name of the virus. Select Find Next and delete whatever gets found that has the virus’ name. Do that with all search results.
6: Deleting potential virus files
Open the Start Menu and type each of the following locations separately: %AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%. Open each of those folders and sort their contents by date. Delete the most recent files and folders. When you open the Temp folder, delete everything in it.
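
A read-only way to gather what steps 3, 4 and 6 ask you to inspect, as an added example that is not part of the original guide. It assumes Windows PowerShell 5.1 or later; the function names, the 7-day window and the sample hosts lines are constructed for illustration.

```powershell
# Added example, not from the original guide. Read-only: it lists, never deletes.
# Function names, the 7-day default and the sample lines are assumptions.

function Get-HostsEntry {
    # Step 3: active hosts lines other than plain localhost mappings.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()   # strip comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }
        $ip = $fields[0]
        $names = @($fields[1..($fields.Count - 1)])
        $loopback = $ip -in '127.0.0.1', '::1'
        $extra = @($names | Where-Object { $_ -ne 'localhost' })
        if ((-not $loopback) -or ($extra.Count -gt 0)) {
            [pscustomobject]@{ IP = $ip; Names = $names -join ' ' }
        }
    }
}

function Get-StartupItem {
    # Step 4: the startup entries Windows exposes through WMI.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

function Get-RecentItem {
    # Step 6: top-level items in the listed folders, newest first.
    param([int]$Days = 7)
    $cutoff = (Get-Date).AddDays(-$Days)
    $roots = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
    Get-ChildItem -LiteralPath $roots -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        Sort-Object LastWriteTime -Descending |
        Select-Object LastWriteTime, FullName
}

# Constructed sample: only the last line should be reported.
$sample = '# sample hosts file', '127.0.0.1  localhost',
          '203.0.113.10  update.example.test  # constructed entry'
Get-HostsEntry -Lines $sample | Format-Table -AutoSize

# On the machine being checked:
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
Get-StartupItem | Format-List
Get-RecentItem -Days 7 | Format-Table -AutoSize
```

Recently modified items under %WinDir% are mostly normal system activity, so treat that part of the listing as something to review rather than as a list of malicious files.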