Have you ever heard the news that the NHS was hit by a massive ransomware attack that caused many hospitals, clinics even banks and telecommunication services to shut down in multiple countries? It is mainly caused by the virulent strain of ransomware called Wana Decrypt0r. The ransomware first appeared around February 2017 and works by encrypting files on the target computers before demanding a ransom which is to be paid in the cryptocurrency Bitcoin.
The Wana Decrypt0r is basically a nasty ransomware virus that locks or encrypts files through powerful encryption that make files unreadable or inaccessible. The file attached with “.WNCRY” at the end of every file it encrypts and shows the following message: “Ooops, your files have been encrypted!” The Security software maker, Avast, has reported that they have discovered more than 126,000 infections of the Wana Decrypt0r ransomware in 104 countries such as Russia, Ukraine, Spain, Britain, and Taiwan. The Wana Decrypt0r ransomware has successfully infected major institutions’ computer systems, like hospitals in NHS – National Health Service across England and Spanish telecommunications company, Telefonica and other countries as well.
The Wana Decryptor ransomware highly demands a fee of $300 to decrypt or make the encrypted files accessible and readable again. Fortunately, you don’t need to go through that point and pay the fee, you have to secure the system and delete the worm immediately. If you opt to erase Wana Decrypt0r Ransomware manually we offer the removal guide placed below since deleting the malicious application might not be easy.
However, the easier way to get rid of it is to install a reputable antimalware tool, perform a system scan, and select the removal button once the scanning is over. Through installation of legitimate antimalware tool, you would also acquire a tool that could help you strengthen the system and guard it against malware.
Removal of Wana Decrypt0r Ransomware
- Close and Exit the red malware’s pop-up.
- Access the File Explorer by clicking the Windows Key+E.
- Locate in your Desktop, Downloads, Temporary Files, or other locations where the infection’s launcher could have been downloaded.
- Select the launcher and press Shift+Delete to erase it permanently.
- Go to C:\Windows and look for the file called tasksche.exe.
- Pick this executable file and press together the Shift+Delete keys.
- Locate the paths:
%ALLUSERSPROFILE%\{folder with a random name}
%ALLUSERSPROFILE%\Application Data\{folder with a random name} - Folders with random names might contain files and copies of files tasksche.exe; if they contain such file, choose these folders and click Shift+Delete keys to get rid of the malware’s created directories.
- Use Shift+Delete key combination to delete all @[email protected] and @[email protected] files.
- Leave and Exit the File Explorer.
- Finally Restart the system.
If you were unfortunate to come across this malware, we would definitely advise securing the system by eliminating the worm from it. You can definitely do this either manually or automatically; thus, you can pick the best option based on your skills. More experienced or geek users could try to follow the removal guide mentioned above, while users with less or little experience are advised to use a reputable antimalware tool instead just to be sure.
