.Wcry File Virus – Remove It and Restore Your Files

This article will help you remove the .Wcry file virus completely. Follow the ransomware removal instructions provided at the end of the article.

The .Wcry file virus is ransomware. It encrypts files with over 160 different file extensions and displays a ransom message afterward. That message contains the payment demands of the cybercriminals who developed the .Wcry file cryptovirus. The ransomware connects to a C&C (Command and Control) server. Read below to see how you could try to potentially restore some of your files.

Threat Summary

Name: .Wcry file virus
Type: Ransomware
Short Description: The ransomware will encrypt files with a little over 160 different extensions on a compromised system.
Symptoms: The ransomware encrypts files on your PC and displays a ransom message afterward.
Distribution Method: Spam Emails, Email Attachments
.Wcry File Virus – Infection Spread

The .Wcry file virus could spread its infection through different methods. The payload file that initiates the malicious script for this ransomware, which in turn infects your computer, might be hosted in various places on the Web. A C&C server that is believed to be associated with this ransomware is rphjmypwmfvx6v2e(.)onion.

The .Wcry file virus could also spread its payload file on social media and file-sharing sites. Freeware found on the Web can be presented as helpful but could also hide the malicious script for the virus. Refrain from opening files right after you have downloaded them, especially if they come from dubious sources such as links and emails. Instead, you should scan them first with a security tool, while also checking their size and signatures for anything that seems suspicious. You should read the ransomware prevention tips in the forum.

.Wcry File Virus – Analysis

The .Wcry file virus is ransomware that encrypts files with a little over 160 different extensions, while appending the extension .wcry to them.

The .Wcry file virus ransomware could make entries in the Windows Registry to achieve persistence and to launch or repress processes in Windows. Some entries are designed to launch the virus automatically with each boot of the Windows Operating System.

A ransom note appears right after the encryption process has ended. The note is written in English and gives details about the ransom price, along with other payment demands. The ransom note reads as follows:

Your files have been safely encrypted!
Most of your files are encrypted with strong AES-128 ciphers.
To decrypt files you need to obtain the private keys, and it is the only possible way.
To obtain the keys you should pay them with bitcoin.
The cost will double by the specified time.
The cost will double
[date and time] What to do, How to do
1. Send 0.1 BTC to 1G7bggAjH8pJaUfUoC9kRAcSCoev6djwFZ
You will be able to download the private key within 12 hours.
2. How to DECRYPT your files
1) Click “Start Decrypt”.
2) First, you should send a download request with your Bitcoin wallet address.
(Important: You must know your actual wallet address from where your payment be sent.)
3) Sleep.
4) After 5~6 hours you will have the key and can decrypt your files. Go!
5) That’s all.

3. About BITCOIN
1) For more information about bitcoin, please visit https://en.wikipedia.org/wiki/Bitcoin
2) Here are our recommendations to purchase bitcoin:

Any attempt to corrupt or remove this software will result in immediate elimination of the private keys by the server.
Start Decrypt

The note of the .Wcry file ransomware states that your files are encrypted with an AES 128-bit encryption algorithm. The cybercriminals ask for a ransom of 0.1 Bitcoins as payment for unlocking your files. The equivalent of that sum in US dollars is almost exactly 100 dollars. You will be given around five full days to pay the ransom, but we advise against that. You should NOT under any circumstances pay the cyber crooks. Your files might not get restored, and nobody could guarantee that. You will only end up giving money to these criminals and inspiring them to create more ransomware or do other criminal acts.

The .Wcry file ransomware seeks to encrypt files with a little over 160 different extensions, which you can see in the following list:

→.key, .crt, .csr, .p12, .pem, .odt, .ott, .sxw, .stw, .uot, .3ds, .max, .3dm, .ods, .ots, .sxc, .stc, .dif, .slk, .wb2, .odp, .otp, .sxd, .std, .uop, .odg, .otg, .sxm, .mml, ., .lay, .lay6, .asc, .sqlite3, .sqlitedb, .sql, .mdb, .db, .dbf, .odb, .frm, .myd, .myi, .ibd, .mdf, .ldf, .sln, .suo, .cs, .c, .cpp, .pas, .h, .js, .vb, .pl, .dip, .dch, .sch, .brd, .jsp, .php, .asp, .rb, .java, .jar, .class, .sh, .mp3, .wav, .swf, .fla, .wmv, .mpg, .mpeg, .vob, .asf, .avi, .mov, .mp4, .3gp, .mkv, .3g2, .flv, .wma, .mid, .m3u, .m4u, .ai, .psd, .nef, .tiff, .tif, .cgm, .raw, .gif, .png, .bmp, .backup, .zip, .rar, .7z, .gz, .tgz, .tar, .bak, .tbk, .tarbz2, .PAQ, .ARC, .aes, .gpg, .vmx, .vmdk, .vdi, .602, .hwp, .edb, .potm, .potx, .ppam, .ppsx, .ppsm, .pps, .pot, .pptm, .xltm, .xltx, .xlc, .xlm, .xlt, .xlw, .xlsb, .xlsm, .dotx, .dotm, .dot, .docm, .docb, .jpg, .jpeg, .dwg, .pdf, .rtf, .csv, .txt, .wk1, .wks, .123, .vsdx, .vsd, .eml, .msg, .ost, .pst, .pptx, .ppt, .xlsx, .xls, .docx, .doc

Extensions Source: MalwareHunterTeam

Every file which has one of the extensions from the above list will get encrypted.
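To scope the damage on an affected machine or file share, the script below (an added example, not part of the original article) walks a directory tree and summarises the files carrying the appended .wcry extension by their original extension and modification time. It assumes encrypted files are named like `report.docx.wcry`; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

def inventory_wcry(root):
    """Walk root and summarise files that carry the appended .wcry extension."""
    by_original_ext = Counter()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".wcry":
                continue
            path = os.path.join(dirpath, name)
            # The extension is appended, so the original one ends the stem.
            original_ext = os.path.splitext(stem)[1].lower() or "(none)"
            by_original_ext[original_ext] += 1
            hits.append((os.path.getmtime(path), path))
    hits.sort()  # oldest first: approximates the order of encryption
    return {
        "count": len(hits),
        "by_original_ext": dict(by_original_ext),
        "first_modified": hits[0][0] if hits else None,
        "last_modified": hits[-1][0] if hits else None,
        "paths": [p for _t, p in hits],
    }

def build_sample_tree(root):
    """Create a small constructed directory tree for the demonstration."""
    samples = [("docs/report.docx.wcry", 1000), ("docs/photo.JPG.WCRY", 3000),
               ("db/app.sqlite3.wcry", 2000), ("docs/untouched.txt", 1500)]
    for rel, mtime in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))  # fixed timestamps for a stable result

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(inventory_wcry(tmp))
```

The first and last modification times bracket the encryption window, which helps when choosing a backup to restore from.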

The .Wcry file cryptovirus is more than likely to erase the Shadow Volume Copies from the Windows Operating System by utilizing the following command:

→vssadmin.exe Delete Shadows /All /Quiet
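The command above is a useful detection point in process-creation logs. The following added example (not from the original article) matches it regardless of letter case, quoting, full path or switch order; the log records are constructed and the function names are hypothetical.

```python
import shlex

# Constructed process-creation records: (time, host, command line).
SAMPLE_EVENTS = [
    ("09:14:02", "WS-014", r"vssadmin.exe Delete Shadows /All /Quiet"),
    ("09:14:05", "WS-014",
     r'"C:\Windows\System32\VSSADMIN.EXE" delete shadows /quiet /all'),
    ("09:20:41", "WS-022", r"vssadmin list shadows"),
    ("09:21:10", "WS-022", r"notepad.exe C:\notes\vssadmin delete shadows.txt"),
]

def is_shadow_copy_wipe(command_line):
    """True when the command runs vssadmin with 'delete shadows' and /all."""
    try:
        # posix=False keeps the backslashes of Windows paths intact.
        tokens = shlex.split(command_line, posix=False)
    except ValueError:
        # Unbalanced quotes: fall back to a plain whitespace split.
        tokens = command_line.split()
    if not tokens:
        return False
    # Reduce the first token to a bare image name (drop quotes and path).
    image = tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image not in ("vssadmin", "vssadmin.exe"):
        return False
    args = [t.strip('"').lower() for t in tokens[1:]]
    # The verb pair must be adjacent; the switches may come in any order.
    has_verb = any(a == "delete" and b == "shadows"
                   for a, b in zip(args, args[1:]))
    return has_verb and "/all" in args

def find_shadow_copy_wipes(events):
    """Return (time, host) for every record that matches the wipe command."""
    return [(ts, host) for ts, host, cmd in events if is_shadow_copy_wipe(cmd)]

if __name__ == "__main__":
    for ts, host in find_shadow_copy_wipes(SAMPLE_EVENTS):
        print(f"ALERT {ts} {host}: shadow copies deleted via vssadmin")
```

Matching on the image name in the first token avoids false hits on documents or scripts whose path merely contains the word vssadmin.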

Continue reading and check out what ways you could try to potentially restore some of your data.

Remove .Wcry File Virus and Restore Your Files

If your computer got infected with the .Wcry file ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible, before it has the chance to spread further and infect other computers. Remove the ransomware by following the step-by-step instructions provided below.

Manually delete .Wcry file virus from your computer

Note! Important notice about the .Wcry file virus threat: Manual removal of .Wcry file virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .Wcry file virus files and objects
2. Find malicious files created by .Wcry file virus on your PC

Automatically remove .Wcry file virus by downloading an advanced anti-malware program

1. Remove .Wcry file virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .Wcry file virus
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming of a more secure cyber space.