Have you ever heard the news that the NHS was hit by a massive ransomware attack that caused many hospitals, clinics even banks and telecommunication services to shut down in multiple countries? It is mainly caused by the virulent  strain of ransomware  called Wana Decrypt0r. The ransomware  first appeared around February 2017 and works by encrypting files on the target computers before demanding a ransom  which is to be paid in the cryptocurrency Bitcoin.

The Wana Decrypt0r  is basically a nasty ransomware virus that locks or encrypts files through powerful encryption that make files unreadable or inaccessible. The file attached with “.WNCRY” at the end of every file it encrypts and shows the following message: “Ooops, your files have been encrypted!” The Security software maker, Avast, has reported that they have discovered more than 126,000 infections of the Wana Decrypt0r ransomware in 104 countries such as Russia, Ukraine, Spain, Britain, and Taiwan. The Wana Decrypt0r ransomware has successfully infected major institutions’ computer systems, like hospitals in NHS – National Health Service across England and Spanish telecommunications company, Telefonica and other countries as well.
The  Wana Decryptor ransomware highly demands a fee of $300 to decrypt or make the encrypted files accessible and readable again. Fortunately, you don’t need to go through that point and pay the fee, you have to secure the system and delete the worm immediately. If you opt to erase Wana Decrypt0r Ransomware manually we offer the removal guide placed below since deleting the malicious application might not be easy.
However, the easier way to get rid of it is to install a reputable antimalware tool, perform a system scan, and select the removal button once the scanning is over. Through installation of legitimate antimalware tool, you would also acquire a tool that could help you strengthen the system and guard it against malware.
Removal of Wana Decrypt0r Ransomware

  1. Close and Exit the red malware’s pop-up.
  2. Access the File Explorer by clicking the Windows Key+E.
  3. Locate in your Desktop, Downloads, Temporary Files, or other locations where the infection’s launcher could have been downloaded.
  4. Select  the launcher and press Shift+Delete to erase it permanently.
  5. Go to C:\Windows and look for the file called tasksche.exe.
  6. Pick this executable file and press together  the Shift+Delete keys.
  7. Locate the paths:
    %ALLUSERSPROFILE%\{folder with a random name}
    %ALLUSERSPROFILE%\Application Data\{folder with a random name}
  8. Folders with random names might contain files and copies of files tasksche.exe; if they contain such file, choose these folders and click Shift+Delete keys to get rid of the malware’s created directories.
  9. Use Shift+Delete key combination to delete all @[email protected] and @[email protected] files.
  10. Leave and Exit the File Explorer.
  11. Finally Restart the system.

If you were unfortunate  to come across this malware, we would definitely advise securing the system by eliminating the worm from it. You can  definitely do this either manually or automatically; thus, you can pick the best option based on your skills. More experienced or geek users could try to follow the removal guide mentioned above, while users with less or little experience are advised to use a reputable antimalware tool instead just to be sure.

logo main menu

Copyright © 2023, FixMyPcFree. All Rights Reserved Trademarks: Microsoft Windows logos are registered trademarks of Microsoft. Disclaimer: is not affiliated with Microsoft, nor claim direct affiliation. The information on this page is provided for information purposes only. Protection Status

Log in with your credentials

Forgot your details?