What is Wana Decrypt0r Trojan-Syria Edition Ransomware?
Wana Decrypt0r Trojan-Syria Edition Ransomware is another Wannacry-wanna-be. It is designed to mimic the infamous WannaCry ransomware that had its fair share of fame after its massive attack way back in May 2017. After that, a series of copy cats have since resurfaced hoping to be as famous as WannaCry and the Wana Decrypt0r Trojan-Syria Edition ransomware is no exception. It claims to be a “Syrian” version of WannaCry and attacks computers with Windows operating system. Apart from the fact that this ransomware is trying to copy WannaCry, these two ransomware is not associated in any way, meaning to say, Wana Decrypt0r Trojan-Syria Edition Ransomware is not a variant of WannaCry. It is created using the HiddenTear open source platform that’s been used in creating countless of ransomware infections.
Even if Wana Decrypt0r Trojan-Syria Edition Ransomware is not as dangerous as WannaCry, it is still very much capable of carrying out an effective attack that will surely leave your files inaccessible. That’s why you shouldn’t underestimate this ransomware and take extra precautions when you’re unlucky enough to encounter it. According to security analysts, this ransomware has two versions. The first one makes use of the .wannacry file extension when appending files while the other one uses .Wana Decrypt0r Trojan-Syria Edition. Both of which are added on the end of the targeted files’ names. But before that, it scans your computer for the following file extensions:
.asp, .aspx, .bmp, .csv, .doc, .docx, .exe, .flv, .gif, .html, .jpeg, .jpg, .mdb, .mp3, .mp4, .pdf, .php, .png, .ppt, .pptx, .psd, .rar, .rtf, .sln, .txt, .xls, .xlsx, .xml, .zip.
During the encryption it uses the AES algorithm on decoding files. It then changes your desktop background with a pirate flag that has the message: “THE INTERNET All the PIRACY none of the SCURVY”. After that it opens it ransom note that contains the following text:
“Ooops, Your Files Have Been Encrypted !!!
What Happened To My Computer?
your important files are encrypted.
many of your documents, photos, videos, and other files are no longer
accessible because they have been encrypted, maybe you are busy looking
way to recover your files, but do not waste your time, nobody can recover
your files without our decryption service.
Can I Recover My Files?
sure we guarantee that you can recover all your files safely and easily.
but you have not so enough time.
if you need to decrypt your files, yo need to pay.
you only have 3 days to submit the payment.
after that the price will be doubled or your files and computer will be destroyed
How Do I Pay?
payment is accepted in bitcoin only, for more information, click
check the current price of bitcoin and buy some bitcoin. for more information,
and send correct amount to the address below
after your payment, click to to decrypt your files.
Send $50 Worth In Bitcoin To This Address
[BTC] button [Copy]
button [Check Payment]”
As you can see this virus will demand you a modest amount of money which is $50 in exchange for the recovery of your files. Although it is only a small amount of money, you shouldn’t still waste a dime for cyber criminals tend to ignore their victims once payment is sent. You would also be exposing private information that could put your security at risk. So paying the ransom is not part of the solution.
How does Wana Decrypt0r Trojan-Syria Edition Ransomware transmit its infection?
This ransomware gets activated through a malicious executable file named Wana Decrypt0r Trojan-Syria Editi0n.exe which is placed on a zip file. It takes advantage of computer with weak RDP or Remote Desktop Protocols. Aside from that this malicious file could lurk behind gaming or peer-to-peer file sharing sites. So you have to beware if downloading any games or files from suspicious free sharing sites to avoid getting infected with this threat.
To eliminate Wana Decrypt0r Trojan-Syria Edition Ransomware, follow the steps below:
Step 1: Open Windows Task Manager by pressing Ctrl + Shift + Esc at the same time.
Step 2: Go to the Processes tab and look for any suspicious processes and then kill them.
Step 3: Open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.
Step 4: Look for Wana Decrypt0r Trojan-Syria Edition ransomware or any suspicious program and then Uninstall.
Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Go to the directories listed below and delete everything in it. Or other directories you might have saved the file related to Wana Decrypt0r Trojan-Syria Edition ransomware.
Step 7: Look for the malicious executable file which is Wana Decrypt0r Trojan-Syria Editi0n.exe and remove it.
Step 8: Delete all files related to Wana Decrypt0r Trojan-Syria Edition Ransomware
Step 9: Empty the Recycle Bin.
Step 10: Try to recover your encrypted files.
Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if the Wana Decrypt0r Trojan-Syria Edition Ransomware Ransomware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.
Follow the continued advanced steps below to ensure the removal of the Wana Decrypt0r Trojan-Syria Edition Ransomware Ransomware:
Perform a full system scan using SpyRemover Pro.
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOSscreen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Optionuse the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the SafeMode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Boxwill show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Proto protect your computer from future threats.