How to remove WannaCryptor virus and decrypt .Wcry files

Update: there are decryptors!

Windows XP:

Windows 7, XP, 2003, Vista, 2008:

Unfortunately, it works only if you did not reset your system after encryption.

Internet is crowded with the malicious programs, but WannaCryptor is one of the worst. Most of harmful software only cause discomfort, and the fruits of their work can be easily eliminated, but ransomware brings substantial damage, and in most cases, you need to waste money to fix it. The encrypting ransomware is the worst issue of all, which could appear on your PC. In this article, we’ll show you, how to uninstall WannaCryptor, and how you can probably get back the encoded data without paying a ransom.

Wcry files

Ransomware gets on your laptop through malicious attachments in electronic mail, and then immediately starts to cipher data. If you failed to stop the virus before it sneaked in, then by now you already suffer losses. WannaCryptor can encrypt almost all sorts of files that might be stored on ordinary users’ machine. The encoding takes from 5 minutes to several hours. Encryption speed might change, it depends on the laptop capacity and the number of information stored on it. The amount of payment is 0.3 BTC.

WannaCryptor ransomware virus

Virus adds Wcry extension to all txt, bmp , jpg and other files. The ransomware applies the strongest encryption algorithms, which cannot be broken if the secret key is unknown. I'm trying to say that there is only one really reliable technique of restoring data: the load of backup. The absence of backups mean that you can say "bye" to your data, because you cannot be sure that scammers, which hacked your computer, won’t deceive you again when the ransom will be received. Your files may be decrypted in several ways, but they aren't absolutely efficient.

Wcry files

If the system is corrupted by encrypting virus, the priority is not the disposal of the ransomware itself, but the restoration of files. Removing the virus doesn't affect the state of files, which are already ciphered, but, since ransomware dwells in the system, each downloaded file will be at risk. Regardless of what decryption manner you prefer, you still have to remove WannaCryptor. Using the hand decryption or the load of backups, you must delete WannaCryptor as soon as possible, and if you prefer to pay those hackers - WannaCryptor should be deleted after the complete data decryption. You can eliminate the ransomware with help of special anti-virus software, or by-hand. Swiftness and reliability of each way are the same, but the requirements for user experience and knowledge are extremely different. By-hand deletion requires some experience of who produces it. Skill is required in order to prevent errors or to neutralize the aftermath of error, if it does happen. Uninstall via antivirus does not require any knowledge of the customer. User simply has to do a few clicks and wait for 5 minutes. Below this part, you'll find the complete instructions to remove WannaCryptor. We carefully describe every single part of the process, to minimize the chance of mistake. However, if you don't like the manual deletion, and prefer the high level of defense against any ransomware - you should buy the worthy removal tool like Kaspersky, Dr.Web or other trusted antivirus.

WannaCryptor Ransomware virus removal insruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

How to restore files encrypted by WannaCryptor

In this entry we have already said that If your machine is penetrated by ransomware, you have just one entirely reliable way to recover files: to load the backup. All other techniques, which are listed below, can't guarantee the outcome. The major strength of backup copies is that they are stored on an external media, and aren't available for WannaCryptor's impact. Other manners depend on the OS in-built services, and their success may be minimized by the virus itself and the absense of experience. We can propose you two extra restoring techniques. They are: the restore with help of shadow copies service and the usage of special decryption program. The issue is that today we have no info about the decent decryptor for WannaCryptor, and we have no idea when it will be developed. But you can watch the websites of the respectable anti-virus software developers who often develop such tool. By-hand decryption using Shadow Volume Copies may be performed right now. You can use the default functionality of Windows OS, however, there are other tools that will make this job easier. These tools are called Recuva and ShadowExplorer. Both tools are free, you can find them on the official web-pages, with close guide for their using. More information about file restoration here: article about decryption.





This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.