What is WannabeHappy ransomware? And how does it execute its attack?
WannabeHappy ransomware is a destructive file-encrypting threat that restricts access to personal information stored on the compromised computer. It uses a strong cipher to encrypt the contents of the files it is set to target and blackmails its victims into paying a ransom for a unique data decryption key so they can restore their files.
WannabeHappy starts its attack the moment the malicious executable file named Cryptor.exe is launched on the system. This file manages the whole attack on the infected computer. The first thing the ransomware does is collect information about the computer and send everything it gathers to a Command and Control server, which is controlled by the crooks who created WannabeHappy ransomware. The cyber crooks could also drop other malware to further worsen the infection.
Another function of this ransomware is to create new values in the Run and RunOnce registry keys. This lets the ransomware start all of its malicious components automatically every time Windows loads. WannabeHappy also scans the entire drive looking for files to encrypt. After the encryption, WannabeHappy locks the screen with its ransom note, which reads:
“Ooops your files have been encrypted
What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely easily. But you have not so enough time. You only have 13 hours, 37 minutes and 42 seconds (13:37:42) to submit the payment. After that the price will be doubled. Also, if you dont pay, you won’t be able to recover your files forever. We will have free for users who are so poor that they couldn’t pay in 6 months.
How do I Pay?
Payment is accepted in Bitcoin only. For more information, click @bitcoin logo. Please check the current price of the Bitcoin and buy some bitcoins. For more information, check internet. When the payment is done, report that the payment is done by sending your transaction ID (TX ID) by clicking
—> . I takes a while to validate the payment. After a while you can press the button and when the payment is succesful received, the decryption key will be returned!
Send $500 worth of bitcoin to this address
Key:  Decrypt
Thank you for using wannabehappy”
Contrary to what this ransom note tells you, you can definitely recover your files without paying the $500 ransom: a free decryptor is available, and there is another recovery method that uses the files’ shadow volume copies.
How does WannabeHappy ransomware spread?
WannabeHappy ransomware spreads through malicious email messages where the crooks make it look like the email is sent out by some representative of a well-known group or business to trick users into downloading and opening the attachment. The email may contain a message which will try to convince you that the email is a high priority and you must download the attached file which in this case is Cryptor.exe.
Follow the removal guide given below to obliterate WannabeHappy ransomware and its malicious components from your computer.
Step 1. Open the Task Manager by pressing the Ctrl + Shift + Esc keys on your keyboard.
Step 2. In the Task Manager, go to the Processes tab and look for any suspicious-looking process that takes up most of your CPU’s resources and is most likely related to WannabeHappy ransomware.
Step 3. After that, close the Task Manager.
Step 4. Press Win + R, type in appwiz.cpl and click OK or press Enter to open Control Panel’s list of installed programs.
Step 5. In the list of installed programs, look for WannabeHappy ransomware or anything similar and then uninstall it.
Step 6. Next, close Control Panel and press the Win + E keys to launch File Explorer.
Step 7. Navigate to the following locations below and look for WannabeHappy ransomware’s malicious components such as Cryptor.exe as well as other suspicious files and then delete all of them.
Step 8. Close the File Explorer.
Before you proceed to the next steps below, make sure that you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save yourself the trouble and time, you can just use PC Cleaner Pro; this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage the Windows Registry well, then by all means go on to the next steps.
Step 9. Press Win + R to open Run, type regedit in the field and press Enter to pull up the Windows Registry.
Step 10. Navigate to the following path:
Step 11. Delete the registry keys and sub-keys created by WannabeHappy ransomware.
Step 12. Close the Registry Editor and empty your Recycle Bin.
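Before deleting anything in the Registry Editor, it helps to list what is actually registered to start with Windows. The following PowerShell script is an added example, not part of the original guide: it reads the standard Windows Run and RunOnce locations (an assumption, since the guide does not list its path) and flags values that reference Cryptor.exe or launch from user-writable folders.

```powershell
# Added example, not from the original guide. Read-only: it changes nothing.
# Key paths: the standard Windows Run/RunOnce locations (assumption, the
# guide does not list its path). 'Cryptor.exe' is the file name the guide gives.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Folders a standard user can write to; autoruns launched from them need review.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ }

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)   # REG_EXPAND_SZ is expanded here
        $reasons = @()
        if ($command -match 'cryptor\.exe') { $reasons += 'references Cryptor.exe' }
        foreach ($dir in $userWritable) {
            if ($command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $reasons += "runs from $dir"
                break
            }
        }
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Flag    = $reasons -join '; '
        }
    }
}

# Flagged entries first. Review each one before deleting it in regedit.
$report |
    Sort-Object { [string]::IsNullOrEmpty($_.Flag) }, Key, Name |
    Format-Table -AutoSize -Wrap
```

A flag is a reason to look closer, not proof of infection: legitimate software also starts from the user profile folders.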
Try to recover your encrypted files using the Shadow Volume copies
Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if WannabeHappy ransomware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot.
To restore an encrypted file, right-click on it and select Properties. A new window will pop up; go to the Previous Versions tab, which loads the versions of the file saved before it was modified. After it loads, select any of the previous versions displayed in the list and then click the Restore button.
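Whether Previous Versions has anything to offer can be checked up front. This PowerShell script is an added example, not part of the original guide: it counts the shadow copies on each local volume and how many were taken before the infection. The `$infectionTime` value is a placeholder you must set yourself.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell
# session; reading Win32_ShadowCopy requires administrator rights.
# Placeholder (assumption): set this to when the files were first encrypted.
$infectionTime = Get-Date '2000-01-01 00:00'

$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$volumes = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3'

$summary = foreach ($vol in $volumes) {
    # A shadow copy's VolumeName is the DeviceID of the volume it belongs to.
    $copies = @($shadows |
        Where-Object { $_.VolumeName -eq $vol.DeviceID } |
        Sort-Object InstallDate)
    # Only snapshots taken before the encryption hold clean file versions.
    $clean = @($copies | Where-Object { $_.InstallDate -lt $infectionTime })
    [pscustomobject]@{
        Volume          = if ($vol.DriveLetter) { $vol.DriveLetter } else { $vol.DeviceID }
        ShadowCopies    = $copies.Count
        BeforeInfection = $clean.Count
        NewestClean     = if ($clean.Count) { $clean[-1].InstallDate } else { $null }
    }
}
$summary | Format-Table -AutoSize
```

A volume that shows zero shadow copies, or none from before the infection, will have nothing useful under Previous Versions.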
It is important to make sure that nothing is left behind and that WannabeHappy ransomware is completely removed. To do that, use the following antivirus program and refer to the instructions below.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed. If Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option, use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. Installation will start automatically once download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.