TotalSystemSecurity.com


How to Remove Wana Decrypt0r 2.0 and recover .WNCRY File

Wana Decrypt0r 2.0 Ransomware Threat In Detail

Wana Decrypt0r 2.0 is a new variant of the WannaCry ransomware, though many things have changed compared with the older version. This crypto-malware encrypts data on the victim's PC, appends the “.WNCRY” extension to the encrypted files and prevents them from being opened. Once the encryption is done, Wana Decrypt0r 2.0 changes the desktop background and leaves a ransom note, “@Please_Read_Me@.txt”, instructing the user on how to pay the ransom. If your PC is infected with Wana Decrypt0r 2.0, avoid paying the ransom and try recovering your files with data recovery tools.

Technical Details

Name: Wana Decrypt0r 2.0 Ransomware
Type: Ransomware
Description: Wana Decrypt0r 2.0 Ransomware encrypts files, videos, images and text files stored on the target PC and demands a ransom from users to decode the files.
Occurrence: Spam mail attachments, exploit kits, malicious links and JavaScript code.
Possible Symptoms: The ransom note can be seen on the desktop and in other file directories, and files cannot be accessed.
Detection Tool: Download the detection tool to confirm an attack of the Wana Decrypt0r 2.0 Ransomware virus on your computer.

Distribution Method

Wana Decrypt0r 2.0 Ransomware is distributed via spam email attachments, which might take the form of RAR, ZIP and un-archived DOCX files that contain a malicious macro.

The payload of the virus could enter through spam mail attachments, torrents, spam bots, fake updates and many other such channels. The file can be dropped as a zipped folder named wcry.zip.

This zipped folder may contain various files:

  • b.wnry
  • c.wnry
  • r.wnry
  • s.wnry
  • t.wnry
  • u.wnry
  • taskse.exe
  • taskdl.exe

More about Wana Decrypt0r 2.0 Ransomware

Wana Decrypt0r 2.0 ransomware then starts to extract the files and connects to the TOR network in order to receive command-and-control instructions. The following servers could be used for establishing the connection:

  • 57g7spgrzlojinas.onion
  • xxlvbrloxvriy2c5.onion
  • 76jdd2ir2embyv47.onion
  • cwwnhwhlz52maqm7.onion

After the connection is established, Wana Decrypt0r 2.0 ransomware grants itself administrative privileges so that it can perform actions without any further permission from the user. It may also stop various Windows processes that are visible in Task Manager:

  • Mysqld.exe
  • Sqlwriter.exe
  • Sqlserver.exe
  • MSExchange
  • Microsoft.Exchange

Additionally, Wana Decrypt0r 2.0 ransomware modifies the Windows registry to schedule its auto-launch when Windows starts:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
  • HKCU\Software\WanaCrypt0r\
  • HKCU\Software\WanaCrypt0r\wd
  • HKCU\Control Panel\Desktop\Wallpaper

After that, Wana Decrypt0r 2.0 ransomware starts its encryption process and encrypts data, adding the .WNCRY extension. It also drops a program named @WanaDecryptor@.exe that runs a timer alongside the instructions on how to pay the ransom.
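
A read-only triage check for the file artifacts named above (the wcry.zip contents, the ransom note, @WanaDecryptor@.exe and the .WNCRY extension), given here as an added example that is not part of the original article. The verdict labels and the sample tree built in demo() are constructed for illustration, and the registry keys are not checked.

```python
import os
import tempfile

# Indicators taken from the article above (compared case-insensitively).
DROPPED = {"b.wnry", "c.wnry", "r.wnry", "s.wnry", "t.wnry", "u.wnry",
           "taskse.exe", "taskdl.exe", "wcry.zip", "@wanadecryptor@.exe"}
RANSOM_NOTE = "@please_read_me@.txt"
ENCRYPTED_EXT = ".wncry"


def triage(root):
    """Walk `root` and group matching file paths by artifact kind (read-only)."""
    hits = {"dropped": [], "ransom_note": [], "encrypted": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            low = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if low in DROPPED:
                hits["dropped"].append(path)
            elif low == RANSOM_NOTE:
                hits["ransom_note"].append(path)
            elif low.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
    return hits


def verdict(hits):
    """Encrypted files next to a note or dropped component is the strong signal."""
    if hits["encrypted"] and (hits["dropped"] or hits["ransom_note"]):
        return "likely-infected"
    if any(hits.values()):
        return "suspicious"  # e.g. a lone taskdl.exe: needs a manual look
    return "clean"


def demo():
    """Constructed sample tree: empty files named like the artifacts above."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("report.docx.WNCRY", "@Please_Read_Me@.txt", "notes.txt"):
            open(os.path.join(docs, name), "w").close()
        open(os.path.join(root, "taskdl.exe"), "w").close()
        hits = triage(root)
        names = {k: sorted(os.path.basename(p) for p in v) for k, v in hits.items()}
        return names, verdict(hits)


if __name__ == "__main__":
    print(demo())
```

To check a real machine, call triage() on a user profile or drive root and pass the result to verdict().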

Wana Decrypt0r 2.0 .WNCRY File Virus

List of file extensions encrypted

.ldf, .sln, .suo, .cpp, .pas, .asm, .cmd, .bat, .vbs, .dip, .dch, .sch, .brd, .jsp, .php, .class, .wav, .swf, .fla, .wmv, .mpg, .vob, .mpeg, .asf, .avi, .mov, .mkv, .flv, .wma, .mid, .djvu, .svg, .psd, .nef, .tiff, .tif, .cgm, .raw, .gif, .png, .bmp, .jpg, .jpeg, .vcd, .iso, .backup, .zip, .rar, .tgz, .tar, .bak, .tbk, .PAQ, .ARC, .aes, .gpg, .vmx, .vmdk, .vdi, .sldm, .sldx, .sti, .sxi, .hwp, .snt, .onetoc2, .dwg, .pdf, .wks, .rtf, .csv, .txt, .vsdx, .vsd, .edb, .odp, .otp, .sxd, .std, .uop, .odg, .otg, .sxm, .mml, .lay, .lay6, .asc, .sqlite3, .sqlitedb, .sql, .accdb, .mdb, .dbf, .odb, .frm, .myd, .myi, .ibd, .mdf, .msg, .ost, .pst, .potm, .potx, .eml, .der, .pfx, .key, .crt, .csr, .pem, .odt, .ott, .sxw, .stw, .uot, .max, .ods, .ots, .sxc, .stc, .dif, .slk, .asp, .java, .ppam, .ppsx, .ppsm, .pps, .pot, .pptm, .pptx, .ppt, .xltm, .xltx, .xlc, .xlm, .xlt, .xlw, .xlsb, .xlsm, .xlsx, .xls, .dotx, .dotm, .dot, .docm, .docb, .docx, .doc, .jar

If you are a victim of “Wana Decrypt0r 2.0 Ransomware”, we strongly suggest that you do not pay any ransom to the illegitimate persons behind it, because even after payment they are not going to give your files back. Instead, opt for a removal solution for Wana Decrypt0r 2.0 Ransomware and try to recover your files with an automatic data recovery tool or from a backup copy, if you have one.


TotalSystemSecurity © 2015-2017