Wannasmile Ransomware

Posted by Sarah Stewart on December 4, 2017

What is Wannasmile Ransomware?

Wannasmile Ransomware belongs to the group of crypto-malware, so it will encrypt your entire hard drive if it ever infiltrates your computer. This threat will affect your .jpeg, .docx, .rtf, .xlsx, .ppt, .mrw, .odb, .ods, .p7b, .wmv, .zip, .7z, .mp4, .avi, and a bunch of other files. No doubt the file you are trying to open belongs to the group of encrypted data if you cannot open it, and you see a new extension .WSmile appended to it. You will be told that you could unlock your files with the special decryptor after you purchase it from cyber criminals, but you should not fall for this. Nobody knows whether cyber criminals behind this infection will still be willing to share the decryptor with you after receiving a ransom you send to them, so we recommend that you do not spend your money on it. Instead, you should delete the ransomware infection from your computer right away. If you leave this infection active on your computer, it might encrypt even more files on your system because it has a point of execution and starts working automatically on system startup. That is, it scans the system with every new launch and encrypts those files that are not locked yet. We will talk about its removal in detail in the last paragraph. 100% FREE spyware scan and
tested removal of Wannasmile Ransomware*

What does Wannasmile Ransomware do?

Once Wannasmile Ransomware is executed, it drops WannaSmile.exe to %APPDATA%, and, on top of that, creates two points of execution in %AppData%\Microsoft\Windows\Start Menu\Programs\Startup and HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN. Then, it scans the affected computer and finds the most valuable users’ files on it. These files become encrypted right away – they all get the .WSmile extension appended to them. When personal files are locked, the ransomware infections drops How to decrypt files.html to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. This file is opened to users automatically due to the Startup entry created, so you will see it when you, for example, restart your computer again even if you close it. You will be asked to send a ransom in Bitcoins to the Bitcoin address indicated in the ransom note, but you should not do this even if you want your files back badly because it is unclear whether you will get the decryption tool and could unlock those files after you transfer money to crooks. You are the one who can make decisions here, but do not say that we have not warned you if you do not get anything in exchange for the money sent. You could not decrypt your files for free without the special decryptor, but you could still fix them after you erase the ransomware infection from your computer – you could restore your files from a backup. You could do this only if you have ever backed up your data.

Where does Wannasmile Ransomware come from?

It is not very easy to talk about the distribution of Wannasmile Ransomware because it is not one of those prevalent infections, but specialists working at anti-spyware-101.com are still sure that it infiltrates users’ computers illegally. Of course, users themselves usually contribute to its entrance to a great extent as well. For example, they might allow the ransomware infection to enter their computers by opening a malicious attachment from a spam email. The chances are high that some users download Wannasmile Ransomware by mistake too because it has a name of a legitimate tool Wannasmile that can stop WannaCry Ransomware, dangerous crypto-malware. Ransomware infections can be extremely sneaky threats, so it might not be very easy to prevent them from entering the system in some cases. Because of this, installing security software is what our security specialists recommend for all users whose computers are connected to the Internet and who surf the Internet every day.

How to delete Wannasmile Ransomware

You cannot decrypt your files by removing the ransomware infection from your system, but you will be sure that it cannot affect any new files you create if you remove it from your system today. First, you need to kill the malicious process. Second, you need to remove the Value from the Run registry key. Third, you need to delete all the components of the ransomware infection. Finally, all suspicious files you have downloaded recently onto your computer need to be erased. If you do not want to perform all these steps yourself or do not consider yourself an experienced user, you can erase malware automatically as well. In this case, your files will still stay encrypted.

Wannasmile Ransomware removal guide

  1. Tap Ctrl+Shift+Esc.
  2. Click Processes.
  3. Kill the malicious process (it might have a name client.exe).
  4. Close Task Manager and press Win+R.
  5. Enter regedit in the box and click OK.
  6. Move to HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN and delete the WANNASMILE Value.
  7. Close Registry Editor and open Windows Explorer.
  8. Delete WannaSmile.exe from %APPDATA%.
  9. Open %AppData%\Microsoft\Windows\Start Menu\Programs\Startup.
  10. Delete WannaSmile.lnk and How to decrypt files.html.
  11. Remove all suspicious recently downloaded files from %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP%.
  12. Empty Recycle bin. 100% FREE spyware scan and
    tested removal of Wannasmile Ransomware*
Wannasmile Ransomware
Wannasmile Ransomware
Wannasmile Ransomware

Stop these Wannasmile Ransomware Processes:

WannaSmile.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *