WannabeHappy Ransomware

Posted by Max Lehmann on November 8, 2017

What is WannabeHappy Ransomware?

WannabeHappy Ransomware is a malicious file-encrypting program that locks user’s data and gives him a bit more than thirteen hours to pay a ransom. The amount the hijacks behind this malware ask is around five hundred US dollars paid in Bitcoins. It is not the largest sum we have ever seen, but also not the smallest since we did encounter ransomware applications asking only twenty US dollars. However, no matter how affordable the price is or how much the cyber criminals promise they will not trick you, we would still not recommend complying with any demands. The truth is they can keep asking you for more money and in the end who knows if they will bother to send the mentioned decryption key. If you do not feel like gambling with your money, we advise you to ignore the presented ransom note and remove WannabeHappy Ransomware with the instructions located below or a legitimate antimalware tool you trust.testtesttest

Where does WannabeHappy Ransomware come from?

Our researchers at Anti-spyware-101.com were able to find out that the malicious application was and might still be distributed through both Spam emails and unsafe Remote Desktop Protocol (RDP) connections. In other words, to avoid WannabeHappy Ransomware or in fact, many other similar threats the user should be careful while opening suspicious email attachments. To be more precise one should try not to give in into curiosity, which often leads to launching malicious data sent via email. Additionally, you could strengthen the system by updating outdated software, changing weak passwords or perhaps acquiring a legitimate antimalware tool that could help detect suspicious data and defend the system from malware.

How does WannabeHappy Ransomware work?

As soon as WannabeHappy Ransomware is launched it should open a pop-up window showing the encryption key that will be used to lock files precious to the user, e.g., pictures, photos, videos, various documents, and so on. The encryption process starts immediately after the mention pop-up appears. If the user would understand what is happening, he could quickly turn off the computer, and disconnect it from the Internet just to be safe. We do not say this can definitely help you save any files, but it could interrupt the process if you do it before the encryption process is finished. Once it happens, all of the targeted data should become unreadable. Our researchers say the malicious program might mark it with an additional extension called .encrypted, e.g., picture.jpg.encrypted.

The next WannabeHappy Ransomware's step is to show the user a ransom note. Our researchers say it should be presented in a pop-up window. On the left side of it, the user might see a timer showing the remaining time for paying the ransom, the list of locations containing encrypted data, and a box where the user is supposed to insert a decryption key. On the other side, there should be a Bitcoin picture, a sentence saying send 500 euros to a given address, and a message thanking the user for “using wannabehappy.” In the middle or between the mentioned objects the user should see a ransom note. It urges to pay in time, or it the sum will be doubled. Also, promises the decryption key will be sent right after the payment is confirmed.

Nonetheless, as we said earlier, there are no real guarantees since you will not be able to get your money back. It means the hackers do not have to send you the decryption tool; they only need to convince the user they will do so. Unfortunately, there are cases when users get tricked, and if you do not wish to risk losing your money in vain, we advise you to eliminate the malware instead of paying to the cyber criminals.

How to erase WannabeHappy Ransomware?

If you think you can manage to remove WannabeHappy Ransomware manually, you should remember what was the file you opened before the computer got infected. After it is erased, we would recommend getting rid of a couple of other records associated with the malicious application and to make this task easier for you; this data will be listed in the instructions available a bit below this text. Users who find these tasks too complicated or too much time-consuming could install a legitimate antimalware tool instead, perform a system scan, and click the deletion button.

Eliminate WannabeHappy Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager and go to Processes.
  3. Search for a process related to the malware.
  4. Mark the suspicious process and click End Task.
  5. Press Win+E.
  6. Check the following paths:
    %USERPROFILE%Desktop
    %USERPROFILE%Downloads
    %TEMP%
  7. Locate the infection’s installer, right-click the suspicious file and press Delete.
  8. Exit the File Explorer.
  9. Press Win+R.
  10. Type Regedit and click Yes.
  11. Find these paths:
    HKCU\SOFTWARE
    HKCU\SOFTWARE\WOW6432Node
  12. Look for keys called WannabeHappy, right-click them separately and press Delete.
  13. Leave Registry Editor.
  14. Empty your Recycle bin.
  15. Reboot the system. 100% FREE spyware scan and
    tested removal of WannabeHappy Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *