Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

WannaRen Ransomware

If your Windows operating system was infected by WannaRen Ransomware, we have both good and bad news for you. The bad news is that the files on your computer were encrypted, and it is also possible that other computers on your network could have been infected too if the infection managed to spread from your device. If you operate a computer at work, this could have serious implications. However, the good news is that you are likely to be capable of decrypting the files for free using a code that the attackers themselves revealed. Hopefully, it works for you. Unfortunately, if you need to decrypt files and remove WannaRen Ransomware from your operating system, there is a good chance that you also need to delete mining tools that can successfully exhaust the CPU power of the devices that they are installed on to mine for crypto-currency and, thus, make money for the attackers. Our hope is that by the time you are done reading this report, you will know how to get back to your daily tasks and in a more secure environment at that.

According to our research team, there is a good chance that WannaRen Ransomware could be distributed with the help of free applications offered on Chinese file-sharing websites. For example, it appears that Notepad++, which is a text and source code editor, could be used to conceal the launcher of the infection. Other methods of malware distribution could be employed as well. Once the launcher is opened, a malicious PowerShell script is supposed to execute, and that is how WannaRen Ransomware and the accompanying mining tools are meant to be downloaded onto the computer. Since the ransom note is presented in Chinese, it is most likely that this infection was created by someone in China to attack those living in the same territory. After the target is picked and successfully attacked, the infection is meant to encrypt files and also spread to other computers on the same network. The infection does that so that it could maximize its chances of pushing more victims into a corner and forcing them to pay a ransom. This ransom is presented to users via a window entitled “WannaRen.” The interface of this window and the message inside it are comparable to the infamous WannaCry infection that was rampant in the spring of 2017.

The ransom note presented by WannaRen Ransomware instructs to pay a ransom of 0.05 Bitcoin in return for a decryption key. At the time of research, this was around 2,500 Yuan or 350 US Dollars. The Bitcoin Wallet address to which the ransom has to be paid is 1NXTgfGprVktuokv3ZLhGCPCjcKjXbswAM. When we checked this address, two transactions had been made to it, and it had 0.00009490 BTC, which is just 5 Yuan or 0.67 US Dollars. Hopefully, this does not change, and no one gets roped into paying the ransom. Victims of the malicious WannaRen Ransomware are also instructed to email, but doing that is also very dangerous. While losing money once – which is what would happen if you paid the ransom – is a terrible thing, you can forget about it eventually. On the other hand, if you expose yourself to cybercriminals via email, you are unlikely to escape them until you remove your old email account and set up a new one. That being said, there is one person who contacted the attackers and managed to obtain a decryption key for free. If you enter this key into the box presented via the infection’s window, you might be able to restore all files.

The manual WannaRen Ransomware removal instructions you can see below include a decryption key that you might be able to use to restore personal files. Hopefully, it works for you, and you can copy and paste it into the allocated dialog box on the infection’s window. If that does not work for you, the experts in your IT team – or a more tech-savvy friend – should be able to help you. In the future, you do not want to leave your virtual security up to chance. First and foremost, install trusted anti-malware software to guard your operating system. If you do this, it will also automatically delete WannaRen Ransomware and the accompanying crypto miners, and you will not need to worry about doing that yourself. Second, you need to back up all files. Use an external or online system to store the copies of your files for safe keeping. Finally, make sure you are always careful online because any link, download, or email attachment could conceal another dangerous infection.

WannaRen Ransomware Removal

  1. Paste this key into the allocated box on the infection’s window to decrypt files:
    MIIEowIBAAKCAQEAxTC / Igjuybr1QbQ1RmD9YxpzVnJKIkgvYpBrBzhsczHQ8WeC
    7ikmC5jTbum1eCxTFTxvtnONEy2qDbnSS5fbK / lxYExj6aDLKzQxXCOVSdSQCesW
    g1i5AAdUC9S246sdS9VKxT0QL24I + SG + ixckBhcB + ww6z47ACegoH0aLDwvRvehZ
    Ycc1qFr1lhRXQpHunrlg4WRphH5xBbszOI + dFRDOpprnbN56CHoLb0q1SzzV3ZFA
    FF6Df68Pux1wMHwEXbULRHo5AIZJPJq8L9ThWVsj6v42jAjJQ8m8bRh0 + Jz4Rohk
    CXbTepgGiKKcCVGMTHak8OgHCM6ty19tVnSLSvOTa2VDxIFs4AwAdHWhEzwtq / 5 /
    N1GhxeUFx + balPYq28z3HC1T4CZ7EWiJStVJtxOXCEzPTkJ + f9PO8dGJHRtJIzPu
    zhLg + fD2tg81GceZYRJ4yPMXLfWKA5DmGkRv / 1Usq5zvMClLdrmw / q2rnCbRLdeE
    EAzSAi9kqsnEaZKfCbXb / gby + bUwAgn7mxs + CJ611hzD / r2w9dgXkaUJYuKRRv + B
    GlQHBRQ7hXogkIzeaGqmw8M3xko7xzADsytFYxt2Kthuww2YV4E6Q1Hl4bBW0q + g
    w + jSolECgYEA0Tnns + LaqMd5KCQiyWlCodQ2DtOMOefhIrJbRhdAkAq6FtVICxkL
    nIJL0gmo4T / zDaMr8vsn7Ck + wLjXUsYt1 / EulLtVnuH76FU0PkjJqBdre5Gjf23 /
    YGHW7DJEoH3p / 7DIgV4 + wXPu6dD + 8eECqwm1hLACOxkfZnOFZ1VGxeMCgYEA8UYH
    jaA69ILlz0TzDzoRdTmam6RDqjsVO / bwaSChGphV0dicKue25iUUDj87a1yLU5Nq
    t0Kt0w1FL / iile1Eu4fe4ryukPGw2jAZh / xq7i2RRSFLXim5an9AbBVQ55478AJa
    Enllm1yVtelKTwzeIPNikVgErpRQAo6PZOmrOPMBAnb5j8RAh9OUR48m / ZTJEpoS
    SWtoy8dTQ / RaQXECaOviYvZLk + V3v9hQDzYoh + hO2 / aS7oE12RrQmeILwd / jbOvz
    + wPyDuK7GvexG7YAR5 / xfwKBgQCA8p6C0MnxeCv + dKk60BwYfKrm2AnZ5y3YGIgw
    h2HS5uum9Y + xVpnnspVfb + f / 3zwPdNAqFZb1HziFBOtQGbkMSPeUUqcxjBqq4d4j
    UYKMvQnQ2pR / ROl1w4DYwyO0RlteUMPLxotTkehlD1ECZe9XMSxb + NubT9AGxtuI
    uLMM3QKBgGl0mYCgCVHi4KJeBIgabGqbS2PuRr1uogAI7O2b / HQh5NAIaNEqJfUa
    aTKS5WzQ6lJwhRLpA6Un38RDWHUGVnEmm8 / vF50f74igTMgSddjPwpWEf3NPdu0Z
    UIfJd1hd77BYLviBVYft1diwIK3ypPLzhRhsBSp7RL2L6w0 / Y9rf
  2. Delete recently downloaded files from these folders:
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %TEMP%
  3. Scan your system with a trusted malware scanner to check for potential leftovers.
Download Spyware Removal Tool to Remove* WannaRen Ransomware
  • Quick & tested solution for WannaRen Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.