Wannasmile Ransomware

Wannasmile Ransomware is a ransomware threat whose name derives from a legitimate program called “Wannasmile.” This program, according to our research, was developed to stop the infamous WannaCry Ransomware from spreading. Right now, the name of this tool is being used by cyber criminals who have created a threat similar to the malicious WannaCry Ransomware itself. The threat discussed in this report is meant to encrypt your files and then introduce you to a ransom note demanding you to follow obscure instructions. Without a doubt, that is not what you should focus on. Instead, we advise that you focus on the removal of Wannasmile Ransomware. This devious threat is controlled by cyber criminals, and they could use it in ways you do not understand. Right now, this malware is all about corrupting data and making ridiculous demands, but the existing security backdoors could be used to make your operating system even more vulnerable. If you wish to delete this threat right away, check out the guide below, but you really should read this entire report to learn more about the threat first.

According to our malware research team, the malicious Wannasmile Ransomware could enter the system as a file named “client.exe,” but it all depends on the distribution method used, and it is very possible that the name of the launcher file will be different in your personal case. When it comes to distribution, spam emails and malicious websites are most likely to be used to drop the launcher onto your PC, and, unfortunately, that is likely to be done with your permission. Needless to say, if you do not want to deal with the removal of other threats in the future, you need to become more careful when opening files and links or interacting with any kind of content found online. The best thing you can do, of course, is install anti-malware software to ensure that all security backdoors are patched before they can be exploited by cyber criminals. Unfortunately, Wannasmile Ransomware is spreading already, and some users might be unaware of the threat it poses. When this malware invades the operating system, it encrypts files of all kinds. See the list of extensions targeted below.

.zip .7z .mp4 .avi .mkv .pdf .wmv .swf .sql .txt .jpeg .jpg .png .bmp .psd .doc .docx .rtf .xls .xlsx .odt .pptx .ppt .ai .xml .cpp .asm .js .php .cs .aspx .html .mdb .accdb .arw .3fr .bay .cdr .cer .cr2 .crt .crw .dbf .dcr .der .dng .dwg .dxf .dxg .eps .indd .erf .kdc .mdf .mef .mrw .nef .nrw .odb .odp .ods .orf .p12 .p7b .p7c

The files corrupted by Wannasmile Ransomware are given the “.WSmile” extension to help you locate them fast. This malicious threat does not have specific targets when it comes to directories, and so it is likely to encrypt files all over your operating system. Once that is done, a file named “How to decrypt files.html” should be created in the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup directory. This file represents a message in Arabic. According to it, the victim is expected to pay a ransom of 20 Bitcoin and then confirm the payment by emailing wannasmile@tuta.io. First and foremost, not many victims will be able to fulfill this demand even if they wanted to because 20 BTC converts to around 198,600 USD. Needless to say, this is a ridiculous amount of money. Even if you have that kind of money, and the files encrypted by the threat are worth it to you, you cannot be naive. The creator of Wannasmile Ransomware will gladly take your money, but they will not give you a decryptor in return. Instead, count your losses and figure out how to delete the threat. We have a few suggestions when it comes to removal.

You might be capable of deleting Wannasmile Ransomware manually, but remember that you will be successful only if you perform every step shown below the right way. For example, if you cannot identify and delete the right malicious components, you will not be able to get rid of this malware on your own. In this situation, it is highly recommended that you install a reliable anti-malware tool. This is not the only reason using this tool is a good idea. As you might have figured out yourself, this tool is also great at keeping your system protected, and so if you install it now, you will have the infection deleted and your system protected. Set up a file backup system as well, and you will be prepared for everything that might come your way in the future.

Wannasmile Ransomware Removal

1. Launch a menu by tapping Ctrl+Alt+Delete and select Start Task Manager.
2. Click the Processes tab and look for a malicious {unknown name} process.
3. Right-click it and select Open File Location to find the malicious {client}.exe file linked to the process (could be located on the Desktop or in %USERPROFILE%/Downloads and %TEMP% directories).
4. Select the malicious process and click End Process and then Delete the malicious file.
5. Tap Win+E keys to launch Windows Explorer and then enter %APPDATA% into the bar at the top.
6. Delete the file named WannaSmile.exe.
7. Enter %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\ into the bar at the top.
8. Delete the shortcut file named WannaSmile.lnk.
9. Tap Win+R keys to launch RUN and then enter regedit.exe into the open box to launch Registry Editor.
10. Move to HKCU\Software\Microsoft\Windows\Currentversion\Run.
11. Delete the value named WANNASMILE.
12. Immediately Empty Recycle Bin to eradicate the deleted components.
13. Install a trusted malware scanner and run it to check for malicious leftovers that might require removal.