Remove WannabeHappy Ransomware and Restore Files

Remove WannabeHappy Ransomware and Restore Files


WannabeHappy ransomware is a destructive threat that restricts access to personal information stored on the infected hosts. It uses a strong cipher to modify the original code of predefined target files and then blackmails victims into paying a ransom for the unique data decryption key. WannabeHappy drops and opens an extortion message to instruct victims how to pay a ransom of $500 in Bitcoin.

This article aims to assist all infected users with the WannabeHappy ransomware removal and covers alternative data recovery approaches.

Threat Summary

Short DescriptionThe ransomware encrypts files on your computer and displays a ransom message afterward.
SymptomsThe ransomware will encrypt your files and ask for ransom payment after it finishes its encryption process.
Distribution MethodSpam Emails, Email Attachments, Compromised Web Pages
Detection Tool See If Your System Has Been Affected by WannabeHappy


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss WannabeHappy.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

WannabeHappy Ransomware – Distribution

WannabeHappy ransomware payload is most likely to be spread via malicious email messages whose sender may pose as representative of popular business or governmental organizations. The message may be trying to convince you that the information is of high priority so that you are more prone to download an attachment or follow a presented link that are actually the infection carriers. Beware of all received emails and always scan the files with an anti-malware tool before you open them on the PC.

Sometimes the malicious links that lead to compromised web pages and cause the ransomware infection may be spread on social media channels like Facebook, Twitter, Instagram, etc.

Fake software update notifications and freeware installers may also be used for WannabeHappy ransomware distribution.

WannabeHappy Ransomware – In-Depth Overview

The infection process starts at the moment when the executable file Cryptor.exe is running on the system. It is designed to manage the attack so that the ransomware can successfully plague your system and files.

First, it may collect information about the device and then send it to a server controlled by hackers. Afterward, they can drop more malicious files on your system or at worst install additional malware on it.

One of the primary ransomware functionalities is to create new values in Run and RunOnce registry keys. This interference can enable the automatic execution of all malicious files on each Windows system load. In most of the cases, the same keys allow the ransomware to display its ransom message on the PC screen or lock it at all.

WannabeHappy ransomware is designed to lock the screen with its ransom note which reads:

Ooops your files have been encrypted

What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely easily. But you have not so enough time. You only have 13 hours, 37 minutes and 42 seconds (13:37:42) to submit the payment. After that the price will be doubled. Also, if you dont pay, you won’t be able to recover your files forever. We will have free for users who are so poor that they couldn’t pay in 6 months.
How do I Pay?
Payment is accepted in Bitcoin only. For more information, click @bitcoin logo. Please check the current price of the Bitcoin and buy some bitcoins. For more information, check internet. When the payment is done, report that the payment is done by sending your transaction ID (TX ID) by clicking
—> . I takes a while to validate the payment. After a while you can press the button and when the payment is succesful received, the decryption key will be returned!

Send $500 worth of bitcoin to this address
Validate payment

Key: [] Decrypt

Thank you for using wannabehappy

The ransom message is divided into three columns with the middle one presenting the text. The left one counts down the time until the price gets doubled if the payment is not transferred and the number of encrypted files. Below these two elements stands a filed where the decryption key can be entered. The right column informs: “Send $500 worth of bitcoins to this address” and provides a filed with a bitcoin address below.


Any contacts with the criminals are to be avoided if you don’t want to expose your personal information and PC to further abuses.

WannabeHappy Ransomware – Encryption Process

Crypto locker ransomware like WannabeHappy are designed to generally scan the system for frequently used file types and encrypt them in order to restrict access to important information. The goal is to make victims more prone to pay the ransom as soon after the infection occurs. File extensions associated with the following types of files can be encrypted by WannabeHappy ransomware:

  • Documents
  • Videos
  • Audio files
  • Pictures
  • Archives

All target files are modified by the ransomware via its built-in encryption module. After the encryption process files are completely inaccessible. In addition, WannabeHappy crypto virus can append a specific extension to corrupted data at the end of the names. Victims are unable to open their files until they apply the decryption key.

How to Remove WannabeHappy Ransomware and Restore Files

The detailed guide below will help you to get rid of WannabeHappy ransomware completely. You can remove it manually or automatically. Have in mind that due to the complexity of ransomware code the manual removal of all malicious files and objects can be a hard task even for the tech savvy guys. The automatic approach can help you to eliminate the threat once and forever. After the removal, some encrypted files can be restored via the alternative methods that are part of the guide below. But first, you will need to back up all encrypted files to an external drive to ensure that even if something goes wrong during the restore process, you will still have your data.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share