- Slow computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
If your Windows operating system was infected by WannaRen Ransomware, we have both good and bad news for you. The bad news is that the files on your computer were encrypted, and other computers on your network could have been infected too if the infection managed to spread from your device. If you operate a computer at work, this could have serious implications. The good news is that you are likely to be able to decrypt the files for free using a code that the attackers themselves revealed. Hopefully, it works for you. Unfortunately, if you need to decrypt files and remove WannaRen Ransomware from your operating system, there is a good chance that you also need to delete the mining tools that come with it. These tools use up the CPU power of the devices they are installed on to mine cryptocurrency and, thus, make money for the attackers. Our hope is that by the time you are done reading this report, you will know how to get back to your daily tasks, and in a more secure environment at that.
According to our research team, there is a good chance that WannaRen Ransomware is distributed with the help of free applications offered on Chinese file-sharing websites. For example, it appears that Notepad++, which is a text and source code editor, could be used to conceal the launcher of the infection. Other methods of malware distribution could be employed as well. Once the launcher is opened, a malicious PowerShell script is supposed to execute, and that is how WannaRen Ransomware and the accompanying mining tools are downloaded onto the computer. Since the ransom note is presented in Chinese, it is most likely that this infection was created by someone in China to attack those living in the same territory. After the target is picked and successfully attacked, the infection is meant to encrypt files and also spread to other computers on the same network. It spreads to maximize its chances of pushing more victims into a corner and forcing them to pay a ransom. The ransom demand is presented to users via a window entitled “WannaRen.” The interface of this window and the message inside it are comparable to those of the infamous WannaCry infection that was rampant in the spring of 2017.
The ransom note presented by WannaRen Ransomware instructs victims to pay a ransom of 0.05 Bitcoin in return for a decryption key. At the time of research, this was around 2,500 Yuan or 350 US Dollars. The Bitcoin Wallet address to which the ransom has to be paid is 1NXTgfGprVktuokv3ZLhGCPCjcKjXbswAM. When we checked this address, two transactions had been made to it, and it held 0.00009490 BTC, which is just 5 Yuan or 0.67 US Dollars. Hopefully, this does not change, and no one gets roped into paying the ransom. Victims of the malicious WannaRen Ransomware are also instructed to email WannaRenemal@goat.si, but doing that is also very dangerous. While losing money once – which is what would happen if you paid the ransom – is a terrible thing, you can forget about it eventually. On the other hand, if you expose yourself to cybercriminals via email, you are unlikely to escape them until you remove your old email account and set up a new one. That being said, there is one person who contacted the attackers and managed to obtain a decryption key for free. If you enter this key into the box presented via the infection’s window, you might be able to restore all files.
The manual WannaRen Ransomware removal instructions you can see below include a decryption key that you might be able to use to restore personal files. Hopefully, it works for you, and you can copy and paste it into the dialog box in the infection’s window. If that does not work for you, the experts in your IT team – or a more tech-savvy friend – should be able to help you. In the future, you do not want to leave your virtual security up to chance. First and foremost, install trusted anti-malware software to guard your operating system. If you do this, it will also automatically delete WannaRen Ransomware and the accompanying crypto miners, and you will not need to worry about doing that yourself. Second, you need to back up all files. Use an external or online system to store the copies of your files for safekeeping. Finally, make sure you are always careful online because any link, download, or email attachment could conceal another dangerous infection.
WannaRen Ransomware Removal