Wana Decrypt0r Trojan-Syria Virus – Remove It and Restore Data

Wana Decrypt0r Trojan-Syria Virus – Remove It and Restore Data


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Wana Decrypt0r Trojan-Syria and other threats.
Threats such as Wana Decrypt0r Trojan-Syria may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will aid you remove Wana Decrypt0r Trojan-Syria ransomware fully. Follow the ransomware removal instructions at the end.

Wana Decrypt0r Trojan-Syria is a ransomware virus which uses the ransom note and extension of WannaCry. Despite that, the virus uses the code of the open-source HiddenTear project. Still in development, the ransomware is set to place two different extensions to encrypted files depending on the version. The extensions are .Wana Decrypt0r Trojan-Syria Editi0n and .wannacry. The Wana Decrypt0r Trojan-Syria virus will demand a ransom sum of 50 dollars. Read on to see how you could try to potentially restore your data in case it got locked.

Threat Summary

NameWana Decrypt0r Trojan-Syria
Short DescriptionThe ransomware is coded to encrypt files on your computer and displays a ransom message afterward.
SymptomsThe ransomware is set to lock your files and put an extension to them after it finishes its encryption process. That extension varies, depending on the version.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Wana Decrypt0r Trojan-Syria


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Wana Decrypt0r Trojan-Syria.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Wana Decrypt0r Trojan-Syria Virus – Infection

Wana Decrypt0r Trojan-Syria ransomware could spread its infection with various methods. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet, and researchers have gotten their hands on a malware sample. If that file lands on your computer system and you somehow execute it – your computer will become infected. You can see the detections of such a file on the VirusTotal service down below:

Wana Decrypt0r Trojan-Syria ransomware might also distribute its payload file on social media and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the virus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware found in the forum section.

Wana Decrypt0r Trojan-Syria Virus – Details

Wana Decrypt0r Trojan-Syria is the name of a virus that uses the WannaCry craze among ransomware developers. However, malware researchers have found out that the virus has its code based on the HiddenTear project rather than the one from WannaCry. Furthermore, the virus seems to be in a developmental stage and is unknown when its final version is going to be released in the wild.

Wana Decrypt0r Trojan-Syria ransomware could be set to make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.

See the ransom note that displays after the completion of the encryption:

That ransom note reads the following:

Ooops, Your Files Have Been Encrypted !!!
What Happened To My Computer?
your important files are encrypted.
many of your documents, photos, videos, and other files are no longer
accessible because they have been encrypted, maybe you are busy looking
way to recover your files, but do not waste your time, nobody can recover
your files without our decryption service.
Can I Recover My Files?
sure we guarantee that you can recover all your files safely and easily.
but you have not so enough time.
if you need to decrypt your files, yo need to pay.
you only have 3 days to submit the payment.
after that the price will be doubled or your files and computer will be destroyed
How Do I Pay?
payment is accepted in bitcoin only, for more information, click
check the current price of bitcoin and buy some bitcoin. for more information,
and send correct amount to the address below
after your payment, click to to decrypt your files.
Send $50 Worth In Bitcoin To This Address
BTC Copy
Check Payment

The note of the Wana Decrypt0r Trojan-Syria ransomware states that your files are encrypted. A ransom sum of 50 US dollars is demanded as payment for potentially unlocking your data. However, you should NOT under any circumstances pay that ransom. Your files may not get restored, and nobody could give you a guarantee for that. Moreover, giving money to cybercriminals will likely motivate them to create more ransomware or do similar criminal acts.

The ransomware also sets the following picture as a Desktop background:

Wana Decrypt0r Trojan-Syria Virus – Encryption

As Wana Decrypt0r Trojan-Syria ransomware is a HiddenTear variant it could seek to encrypt files with the following extensions:

→.txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb.sln.php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp

Any file that gets encrypted will receive the same extension appended to them. Depending on the version that could be either the .Wana Decrypt0r Trojan-Syria Editi0n or the .wannacry. The encryption algorithm which is implemented is undoubtedly AES since it is a HiddenTear variant, but more algorithms could be added in the near future.

The Wana Decrypt0r Trojan-Syria virus might be set to erase all the Shadow Volume Copies from the Windows operating system with the aid of the following command:

→vssadmin.exe delete shadows /all /Quiet

If the command stated above is executed that would make the encryption process more efficient as it will eliminate one of the ways for restoring your files. If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially recover your data.

Remove Wana Decrypt0r Trojan-Syria Virus and Restore Data

If your computer got infected with the Wana Decrypt0r Trojan-Syria ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Note! Your computer system may be affected by Wana Decrypt0r Trojan-Syria and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Wana Decrypt0r Trojan-Syria.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Wana Decrypt0r Trojan-Syria follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Wana Decrypt0r Trojan-Syria files and objects
2. Find files created by Wana Decrypt0r Trojan-Syria on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Wana Decrypt0r Trojan-Syria

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share