Whoopsie Ransomware

Whoops Ransomware is a malicious application that might illegally enter your system. It is not considered a very popular infection, but it might still find a way how to enter your computer, especially if you open attachments from all kinds of emails you receive, click on random links, or download software from websites you know nothing about. You can be sure that this threat is the one that has infiltrated your computer and applied changes to your files it they have all received the .enc extension. Ransomware infections encrypt files because they want users’ money. It is very likely that Whoopsie Ransomware has been developed to obtain money from users too because it opens a window with a message claiming that the only way to get a decryptor that can unlock locked data is to “pay a small fee.” At the time of writing, Whoopsie Ransomware was still in development. That is, it was impossible to transfer a ransom due to a missing payment address. Of course, the ransomware infection might be fixed in the near future. No matter which version of Whoopsie Ransomware you encounter, it is very important to remove it as soon as possible without paying money to malicious software developers. You will not get the decryptor in this case, but you could restore encrypted files from your backup. Before you do that, the ransomware infection must be erased fully so that it could not lock data again.

Ransomware infections are created to encrypt users’ files, so it is not surprising that Whoopsie Ransomware encrypts data on affected computers right away as well. As mentioned at the beginning, all these files get the .enc appended, for example, picture.jpg will become picture.jpg.enc. A strong encryption algorithm is used to lock files, so do not expect to unlock your data by removing .enc from it. Once Whoopsie Ransomware encrypts files, it opens a small red window with a message for users. Users are told that a decryption tool costs 50 EUR. The ransom has to be sent to the indicated Bitcoin address. As mentioned, it was not there at the time of analysis. Do not send a cent to cyber criminals even if you can find the wallet address on the opened window because there is a huge possibility that nobody will give you the decryption tool. It does not mean that the only way to get files back is to unlock them with the special decryptor. Files can also be restored from a backup, so if you periodically back up your files, it should not be a problem to you.

We cannot confirm that Whoopsie Ransomware is already distributed actively by cyber criminals because it did not work properly at the time of research, i.e. it did not display the wallet address for paying the ransom. Of course, it does not mean that it cannot become prevalent infection one day. Besides, there are hundreds of other threats we are sure you would not want to slither onto your computer, so we have several pieces of advice for you. Since ransomware infections are usually distributed as malicious attachments, do not open any attachments from suspicious emails you receive, especially if they have been placed to the Spam folder by your email provider. Second, you must download software from trustworthy websites only. P2P websites containing thousands of applications are not considered reliable sources for downloading software from – they usually contain tons of infections. If you are one of those inexperienced users, you should install security software on your computer too because it is not that easy to prevent malware from entering the system.

Whoopsie Ransomware must be removed ASAP so that it could not mark more files with the .enc extension and thus encrypt them. You do not need to be an expert in malware removal to erase it manually because it is not sophisticated malware. You will remove it by closing the window opened on your screen and then deleting two files: key.txt it drops and its launcher – it should be located in the Downloads (%USERPROFILE%\Downloads) folder.

How to delete Whoopsie Ransomware

1. Tap Ctrl+Shift+Esc.
2. Open the Processes tab.
3. Kill the Whoopsie Ransomware process.
4. Close the Task Manager window.
5. Locate key.txt and delete it.
6. Remove the malicious file you have opened recently (check the Downloads folder).
7. Empty Trash.