A new folder locker threat has been reported to infect victims' computers and display a lockscreen message. Its primary purpose is to lock the screen of the infected computer and lock its folders while demanding a ransom of 0.05 BTC from victims. The ransomware is of the screen-locker type and uses a simple password locker to deny access to the folders on the affected computer. If your computer has been affected by the WANNACRYPT folder locker ransomware, follow the instructions in this article to remove the malware from your system and restore your computer to a working state.
|Short Description||WANNACRYPT Ransomware is a folder-locker type of malware which locks the folders on infected computers until a ransom has been paid to unlock them.|
|Symptoms||The screen of the victim's computer is locked and the folders can no longer be opened. A ransom note appears with a bar code under which the words WANNACRYPT or ANONYMOUS are written.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
WANNACRYPT Ransomware – How Does It Infect
To infect victims' computers, the WANNACRYPT ransomware virus may use a variety of techniques. These are reported to include spammed e-mail messages that carry either malicious attachments or malicious web links that aim to infect the computer as soon as they are clicked, similar to the fake PayPal malicious link spam e-mail below:
In addition to malicious e-mail spam, the WANNACRYPT Folder Locker ransomware may also use other unwanted methods to get onto your computer, such as malicious files uploaded online and presented as legitimate downloads:
- Setups of free programs.
- Software installers, like drivers and other types of important programs.
- Game installers.
- Cracks and patches for programs and games.
- Software license activators.
- Key generators.
Most users tend to become misled and download such suspicious programs on their computers, believing they are the installers they were looking for.
WANNACRYPT Folder Locker Ransomware – More Information and Activity
After being installed on your computer system, the WANNACRYPT ransomware virus may drop its primary malicious executable, which is detected on VirusTotal with the following parameters:
After the file is executed on the victim's computer, it may perform a series of unwanted activities, starting with adding a scheduled task or an entry in the Windows Registry, either of which can run the file automatically in the future. The targeted registry sub-keys for this are believed to be the following:
Once it has set itself up to run automatically, WANNACRYPT Folder Locker begins to lock the important folders of the infected computer. The ransomware may lock the following folders, in which most of the user's important files are likely to be located:
- %Program Files%
For the locking procedure, the developer of WANNACRYPT has likely taken the source code of a program which is similar to the programs Folder Lock or Doc Lock, which use simple encryption to lock folders and make them hidden, until the user enters a unique unlocking password.
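A read-only triage of the two behaviours described above (autorun persistence through a scheduled task or registry entry, and folders being made hidden), as an added PowerShell example that is not part of the original article. The registry keys are the standard Windows autorun locations rather than the article's own list, and the path heuristic, the function names and the choice to scan the user profile are assumptions.

```powershell
# Added triage example (read-only); not code from the original article.
# Assumption: these are the standard Windows autorun keys, not the article's own list.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption (heuristic): autoruns started from user-writable paths deserve review.
$suspectPath = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|%(TEMP|APPDATA)%'

function Get-RunKeyEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd
                               Review = $cmd -match $suspectPath }
        }
    }
}

function Get-TaskEntry {
    # Get-ScheduledTask needs Windows 8 / Server 2012 or later.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # skip non-exec (COM handler) actions
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName
                               Command = $cmd; Review = $cmd -match $suspectPath }
        }
    }
}

function Get-HiddenFolder {
    # %Program Files% is named in the article; the user profile is an added assumption.
    # AppData and legacy junctions are hidden by default, so compare LastWriteTime
    # with the suspected infection date instead of treating every hit as malicious.
    Get-ChildItem -Path $env:USERPROFILE, $env:ProgramFiles -Directory -Hidden `
        -ErrorAction SilentlyContinue | Select-Object FullName, Attributes, LastWriteTime
}

# Autorun entries worth a manual look, then hidden folders, newest change first.
@(Get-RunKeyEntry) + @(Get-TaskEntry) | Where-Object Review | Format-Table -AutoSize -Wrap
Get-HiddenFolder | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so that all scheduled tasks are visible; the script only lists entries and changes nothing.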
After locking the folders on the victimized device, the WANNACRYPT virus sets the following ransom notes so that the victim knows of the virus’s presence:
Instructions from image:
“Your computer has been hacked and all your important files are now encrypted. To get back your all files you need to purchase the private key in Btcoin. Pay the EXACT amount to the Address given below
Amount: 0.05 BTC”
At this moment, it is not clear whether or not the ransomware has spread worldwide, like the WannaCry ransomware outbreak, but in the event that your computer has been infected by WANNACRYPT Folder Locker, we advise you NOT TO PAY THE RANSOM, since this virus is now unlockable and you can unlock your folders for free.
Remove WANNACRYPT Ransomware and Restore Access to Your PC
Before beginning to actually remove this virus from your computer, we would advise you to enter the unlock code which was discovered by malware analyst and ransomware hunter Karsten Hahn (@struppigel), who kindly provided it on Twitter:
After unlocking your PC, we would recommend that you move all your important files from it to a flash drive or some other external storage device. Then, you can proceed to secure your computer.
For the removal of this ransomware virus, we would strongly advise you to follow the removal instructions below. They are divided into manual and automatic removal steps. Manual removal is easier if you have experience in malware removal; otherwise, experts always recommend using advanced anti-malware software to remove WANNACRYPT automatically from your PC. Downloading and installing such a program will make sure that the malware is gone from your system completely and will effectively protect your computer against future infections as well.