How to remove Wannapeace virus and restore encrypted files

The article is dedicated to ransomware called Wannapeace that penetrates systems around the world, and cyphers their data. In this item you can find full information on Wannapeace's essence, and how to uninstall Wannapeace from your computer. Furthermore, we'll explain how to restore the cyphered information, if possible.

Wannapeace is the perilous software penetrating PC's mostly via e-mail spam and Trojans. Occasionally scammers use zero-day vulnerabilities to infect the system, but they are speedily corrected. When infection is done, ransomware scans the hard disc, determines the amount of files for encryption and their approximate value. Nowadays, any modern virus is able to encrypt video, audio, text and image files in all known extensions. Extra attention is paid to businesslike information, since businessmen are the main objective for fraudsters. All programs in the system will be untouched because fraudsters want only information. Encryption is performed through world-known encryption algorithms, and it is so complex that that it cannot be bruteforced. Such complexity is the reason for unbelievable success of ransomware in last years: common PC operator, even if he has a fairly good experience in suchlike things, will never recover the data, and will have no way out except paying to scammers. The single way to recover files is to crack the scam webpage and retrieve the encryption keys. Sometimes it is possible to withdraw the keys through faults in viruse's program code.

Wannapeace ransomware virus

The knowledge of computers is extremely important in our century, as it helps customer to defend the laptop from computer viruses. For ransomware this is most relevant, since, unlike common dangerous programs, when you delete ransomware from the system, the consequences of its actions will stay. To shield your workstation, you have to remember these few simple rules:

    • Be cautious with the messages that contain something more than a message. If you don't know who send the letter and it is about receiving some prize, a lost parcel or something like that, this might be a fraud letter. The second very effective kind of fraud messages is a "business messages". summaries, complaints, Invoices for products or services, lawsuits and similar important information cannot be sent accidentally, and the receiver should know the person who sent it. Otherwise, it is a fraud.
    • Pay attention to the pop-ups. One of the simplest manners of file recovery is the recovery through Shadow Copies, and the developers of Wannapeace have included the elimination of SC in the default functionality of ransomware. The deletion of copies requires admin rights and acceptance from the user. Thus, not accepting alterations from a weird program at the right time, you will reserve the chances to restore all corrupted data for free.
    • Monitor the state of your computer. It requires a big part of CPU power to encrypt the data. In few minutes of infection, the computer slows down, and the encryption process appears in Process Manager. You may recognize this event and unplug the system before information will be fully encoded. Of course, the certain amount of files will be damaged, but the rest of them will remain intact.

Ransomware deletion isn't the happy end - it's only a first step on the long road until the complete file recovery. To decrypt the data you'll have to familiarize with the instructions in the below paragraph of our entry. To uninstall Wannapeace, you need to boot the system in safe mode and scan it through antivirus tool. High grade viruses can't be uninstalled even via antivirus-software, and have lots of efficient mechanics of defense. Qualitative ransomware can totally delete encrypted data, or some of it, when trying to uninstall the virus. This is extremely undesirable, and the following paragraph will assist you to avoid it.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After removing Wannapeace from the PC, it only remains to get back the corrupted information. Actually, this is not about decipherment, as the encrypting algorithms used by scammers are very complex. More often than not, to restore the files, the user has to seek support on anti-malware communities or from celebrated ransomware fighters and antiviral software vendors. If you can't linger and are going to get back the information by hand - here's the full article on that topic: article about files decryption.


This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.