WTDI ransomware virus targets Russian-speaking computer users
WTDI is a new file-encrypting virus that is written in .NET programming language and encodes files using strong cryptography. On the affected device, the virus looks for various documents, multimedia, archives, databases, disk image and other files, and appends the .wtdi file extension to each of them. Authors of the ransomware inform about this unpleasant situation by changing computer’s wallpaper. Once all files are encrypted, the ransom-demanding message shows up on the desktop. The fact that ransom note is written in the Russian language suggests that malware aims at the Russian-speaking computer users. Hackers follow traditional scenario and ask to pay the ransom in order to decrypt files locked by WTDI ransomware. They provide ICQ number for communication. However, trying to figure how much money cyber criminals want for decrypting your files is not a wise decision.[1] No one can assure that they have tools to restore your data or if they are truly willing to do it after receiving the ransom. Chances they will disappear as soon as the money shows up in their account are high. Thus, after the cyber attack, we highly recommend focusing on automatic WTDI removal with the help of reputable malware removal program, such as FortectIntego. Later you could try alternative recovery methods, and hopefully, they will work.

This ransomware is activated from CryptoWall.exe. However, security experts doubt that it is related to original CryptoWall virus. It might be just a fake version of it. Once this file is executed, it has to complete few tasks on the affected device. First of all, it modifies Run and RunOnce Windows Registry sub-keys in order to start ransomware with system startup. Once it’s done, WTDI starts scanning the system looking for the targeted file types and encrypts them. Apart from that, it might also try to get particular information about user or computer. Thus, you malware might put your privacy at risk. Besides, your computer is also in danger. Nevertheless, it corrupted your files; ransomware might also be capable of installing additional malicious files or opening the backdoor for other malware. Therefore, all these reasons and possible threats should motivate you to remove WTDI as soon as possible. We want to point out that even if you decide to take crooks’ offer (not recommended), you will still need to perform virus removal. Paying the ransom does not delete virus from the system.

Cyber criminals use traditional ransomware distribution methods
The main distribution channels for WTDI virus are malicious email attachments, malvertising, bogus software updates, and downloads, exploit kits, etc. The most successful way to infiltrate computers is misleading emails that include an infected attachment.[2] This file is always camouflaged and presented as an important document. Bear in mind that even Word or PDF files might hide malware executable. Clicking on online ads might also lead to WTDI attack. Be aware that malware-laden ads might be placed not only on the high-risk websites but on legitimate ones as well. Therefore, installing programs or updates from pop-ups might end up with data loss. Lastly, when installing new software, it’s important to choose reliable sources and avoid unknown file-sharing sites or torrents that highly participate in malware distribution.
Secure way to remove WTDI from the system
If you are thinking about manual WTDI removal, you have to get rid of this idea immediately. It’s a complicated virus that modifies the system and trying to locate malicious files is hard and risky activity. If you accidentally delete an important system file, you will cause irreparable damage to the system. Therefore, you have to employ reputable malware removal tools, such as FortectIntego, MalwarebytesMalwarebytes or SpyHunterCombo Cleaner, and remove WTDI automatically. However, if you cannot install or access security program, check our prepared instructions below. They will help you to disable the virus and run automatic removal.
Was this guide helpful?
Be the first to comment