.weapologize Files Virus (SamSam) - How to Remove - Restore Files

This article explains what the .weapologize SamSam ransomware virus is, how to remove it fully from your computer system, and how to try to restore files it has encrypted with RSA.

‘0000-SORRY-FOR-FILES.html’ is the ransom note left on victims’ computers after they have been infected by the latest version of SamSam ransomware. Although the ransomware may add different file extensions, some infected users and companies have reported that .weapologize is the suffix primarily added to the encrypted files, which can no longer be opened. The virus is believed to use RSA encryption, which is generally difficult to decrypt, and asks for a ransom payoff of 1 BTC. If your computer has been infected by the .weapologize variant of SamSam ransomware, we recommend that you read the following article to learn how to remove it from your computer and how to try to restore files that have been encrypted by this version of SamSam ransomware.

Threat Summary

Name: SamSam .weapologize
Type: Ransomware
Short Description: The ransomware encrypts files with the RSA encryption cipher and asks for a ransom payment of 1 BTC for decryption.
Symptoms: Files are encrypted with RSA encryption and become inaccessible, with the .weapologize file extension added to them. A ransom note with instructions for paying the ransom appears as a 0000-SORRY-FOR-FILES.html file.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

SamSam .weapologize Ransomware – Distribution Methods

To infect as many victims as possible, the cyber-criminals who spread the SamSam virus files may use both proactive and passive tactics. With proactive tactics, it is likely that your computer was infected with the .weapologize variant of SamSam ransomware via e-mail spam messages. Such messages are believed to be deceitful e-mails that aim to convince inexperienced users that they come from legitimate companies. Most often, the names of big companies such as PayPal, eBay, Amazon or others are used to win the user’s trust, for example in a fake e-mail whose infection link is made to look like a PayPal button.

In addition, the infection file of SamSam ransomware is believed to be spread via more passive methods as well, for example:

  • Via fake setups of programs.
  • Via fake game patches or cracks.
  • Via fraudulent software license activators.
  • Fake key generators.

SamSam .weapologize Ransomware – Malicious Activity

SamSam (also known as Samas) has been reported to download its malicious payload from a third-party C&C server after infection. The payload usually consists of several types of files and a tool called PsExec. Unlike traditional ransomware, this variant of SamSam first employs a penetration-testing object run from a remote server, which begins the actual infection activity. This pentest allows the cyber-crooks to discover any vulnerabilities on your system or enterprise network during the infection. Once they find a weakness, they use the psexec.exe file to exploit it, whether through a malicious JavaScript or an RDP (Remote Desktop Protocol) exploit.

In addition, the SamSam .weapologize malware is not a single virus. It uses a combination of viruses and tools, among which are the following:

  • Derusbi infostealer for stealing information.
  • Bladabindi infostealer for stealing credentials.
  • PsExec for starting programs on the infected system remotely.

After these tools have been used on the victim’s computer, the ransomware also uses an element from the Samas Trojan, which runs a command in the Windows Command Prompt that deletes the shadow volume copies on the infected computer system. The command is as follows:

→ "C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet
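
A detection sketch for the shadow-copy deletion described above, added here as an example (it is not code from the original article or from any vendor). The event records are constructed, the host names are hypothetical, and the field names are assumptions modelled on what process-creation logging records.

```python
import re

# "vssadmin[.exe] delete shadows", tolerant of path prefix, quotes, case, spacing.
VSS_DELETE = re.compile(r'vssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I)
SWITCH = re.compile(r"/(\w+)")

# Constructed process-creation events (hypothetical hosts; fields modelled on
# what Sysmon Event ID 1 / Security 4688 record). Not taken from a real incident.
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent_image": r"C:\Windows\PSEXESVC.exe",
     "command_line": r'"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet'},
    {"host": "FS-02", "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "vssadmin  DELETE   shadows /quiet /all"},
    {"host": "BK-01", "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": "vssadmin.exe delete shadows /for=C: /oldest"},
    {"host": "BK-01", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "vssadmin list shadows"},
]

def triage(event):
    """Return a finding for a shadow-copy deletion event, or None otherwise."""
    cmd = event["command_line"]
    match = VSS_DELETE.search(cmd)
    if match is None:
        return None
    switches = {s.lower() for s in SWITCH.findall(cmd[match.end():])}
    parent = event["parent_image"].rsplit("\\", 1)[-1].lower()
    return {
        "host": event["host"],
        # /All with /Quiet wipes every snapshot without a prompt: the form above.
        "severity": "high" if {"all", "quiet"} <= switches else "review",
        # PSEXESVC.exe is the service PsExec installs on the remote machine.
        "via_psexec": parent == "psexesvc.exe",
        "command_line": cmd,
    }

def scan(events):
    """Triage every event and keep only the findings."""
    return [f for f in map(triage, events) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["host"], finding["via_psexec"])
```

Selective deletions such as `/for=C: /oldest` are marked "review" rather than "high" because backup software and administrators issue them legitimately.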

After this has been done, the .weapologize version of SamSam ransomware displays its ransom note, named ‘0000-SORRY-FOR-FILES.html’.

Text of the ransom note:

What happened to your files?
All your files encrypted with RSA-2048 encryption, For more information search in Google ‘RSA Encryption’
How to recover files?
RSA is a asymmetric cryptographic algorithm, You need one key for encryption and one key for decryption
So you need Private key to recover your files.
It’s not possible to recover your files without private key
How to get private key?
You can get your private key in 3 easy step:
Step1: You must send us 0.7 BitCoin for each affected PC OR 3 BitCoins to receive ALL Private Keys for ALL affected PC’s.
Step2: After you send us 0.7 BitCoin, Leave a comment on our Site with this detail: Just write Your ‘Host name’ in your comment
Your Host name is:
Step3: We will reply to your comment with a decryption software, You should run it on your affected PC and all encrypted files will be recovered
Our Site Address: http://jcmi5n4c3mvgtyt5.onion/familiarisingly/
Our BitCoin Address: 1MdthqRCJe825ywjdbijsttWBpKanR
(If you send us 3 BitCoins For all PC’s, Leave a comment on our site with this detail: Just write ‘For All Affected PC‘s’ in your comment)
(Also if you want pay for ‘all affected PC‘s’ You can pay 1.5 Bitcoins to receive half of keys(randomly) and after you verify it send 2nd half to receive all
How To Access To Our Site
For access to our site you must install Tor browser and enter our site URL in your tor browser.
You can download tor browser from https://www.torproject.org/download/download.html.en
For more information please search in Google ‘How to access onion sites’
Test Decryption
Check our site, You can upload 2 encrypted files and we will decrypt your files as demo.
If you are worry that you don’t get your keys after you paid, You can get one key for free on you choise(except important servers), Te
Also you can get some single key and if all single BTC taht you paid reached to all keys price you will get all keys
Anyway be sure that you will get all your keys if you paid for them and we don’t want damage our reliability
with buying the first key you will find that we are honest.

.weapologize SamSam Ransomware – Encryption Process

To encrypt the files on victims’ computers, the SamSam ransomware uses the RSA (Rivest-Shamir-Adleman) encryption cipher, which is part of the Suite.B category of encoding languages. The SamSam .weapologize ransomware performs the encryption activities in the following order, according to previous reports:

After the file encryption process has completed, the SamSam virus leaves the files with the .weapologize suffix added to their names.

Remove SamSam Ransomware and Restore .weapologize Encrypted Files

To successfully remove this ransomware infection from your computer system, we advise that you follow the removal instructions below. They are designed to help you delete the objects created by this ransomware either manually or automatically. If you lack experience in removing ransomware manually, security researchers strongly advise doing so automatically, preferably by downloading advanced anti-malware software. Such a program will ensure that this malware is removed automatically and that your PC stays protected against future infections as well.

If you want to restore files that have been encrypted and given the .weapologize file extension, we advise that you follow the alternative methods for file recovery in the step ‘Try to Restore files encrypted by SamSam .weapologize’ below. They are created to help you restore as many files as possible without paying the ransom, even though they are not a guarantee that you will restore all of the files.

To remove SamSam .weapologize follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove SamSam .weapologize files and objects
2. Find files created by SamSam .weapologize on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by SamSam .weapologize
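
For step 2, a triage script that measures how far the encryption reached before any cleanup or restore is attempted. It is an added example, not part of the original article or of any vendor tool. It assumes the `.weapologize` suffix and the `0000-SORRY-FOR-FILES.html` note name given above, and uses file modification time as an approximation of when encryption began.

```python
import os
import sys
from datetime import datetime, timezone

ENCRYPTED_SUFFIX = ".weapologize"      # extension named in this article
NOTE_SUFFIX = "sorry-for-files.html"   # matches 0000-SORRY-FOR-FILES.html

def scope_damage(root):
    """Walk root and summarise encrypted files and ransom notes per directory."""
    summary = {"encrypted": 0, "notes": [], "by_dir": {}, "first_seen": None}
    # onerror swallows unreadable directories so one ACL denial does not stop the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(NOTE_SUFFIX):
                summary["notes"].append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                summary["encrypted"] += 1
                summary["by_dir"][dirpath] = summary["by_dir"].get(dirpath, 0) + 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable file: counted, but no timestamp
                if summary["first_seen"] is None or mtime < summary["first_seen"]:
                    summary["first_seen"] = mtime
    return summary

def first_seen_utc(summary):
    """Earliest modification time among encrypted files, as an ISO 8601 string."""
    ts = summary["first_seen"]
    return None if ts is None else datetime.fromtimestamp(ts, timezone.utc).isoformat()

if __name__ == "__main__":
    result = scope_damage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("encrypted files:", result["encrypted"])
    print("ransom notes:   ", len(result["notes"]))
    print("earliest mtime: ", first_seen_utc(result))
    for folder, count in sorted(result["by_dir"].items(), key=lambda kv: -kv[1]):
        print(f"{count:6d}  {folder}")
```

The earliest timestamp helps decide which backup generation predates the encryption; the per-directory counts show which shares or profiles were reached.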

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion in cybersecurity and is a strong believer in the basic education of every user towards online safety.
