WannaScream ransomware – a computer virus that encrypts all victims' personal files and demands a ransom for a decryption tool

WannaScream ransomware is a cryptovirus that locks all non-system files on an infected victim's computer and tries to extort cryptocurrency as a ransom for a promised decryption toolkit. This virus encrypts all files with an army-based AES-256 coding algorithm.[1]
As soon as the virus gets access to a device, it starts its bidding. All files personal files like pictures, videos, documents, archives, backups, etc., are appended with the WannaScream extension, as well as other components – this renders files inaccessible. For example, a file “document.html” is turned into “document.html.[Filemgr@tutanota.com][1E857D00].WannaScream.”
Just like other versions H@RM@ or NORD, following successful encryption, the WannaScream file virus creates two types of ransom notes – a pop-up window (WannaScream.hta) and many text documents (README.txt) in all folders with renamed personal victim files. Both messages in the ransom notes are identical and demand victims to pay ransom for a decryption too
| name | WannaScream ransomware, WannaScream file virus |
|---|---|
| type | Malware, Ransomware |
| Other versions | |
| Appointed file extension | A tricky extension is added to the original filenames in this sequence: original filename.[Filemgr@tutanota.com][appointed victim ID].WannaScream |
| Ransom note | A pop-up window, titled WannaScream.hta, and hundreds of text files, named README.txt |
| Criminal contact details | Filemgr@tutanota.com and Cryptor6@tutanota.com |
| Ransomware Removal | All ransomware should be removed immediately with the help of professional anti-malware software |
| System tune-up | Following a successful WannaScream ransomware removal, a system repair is a must. We suggest using the FortectIntego tool to fix any damage the malware might have caused to the system registry and other essential system settings |
In the first part of the ransom notes, creators of WannaScream ransomware explain to victims that all their data was locked, and if they want to get it back, they have to establish a contect via the two given emails – Filemgr@tutanota.com and Cryptor6@tutanota.com. Also, an appointed, unique user ID is provided. The ransom amount isn't specified, but the hackers state that it depends on how quickly the victim contacts them. The preferred payment method is Bitcoins.
In the second part, WannaScream ransomware developers try to build a fake trust relationship by offering their victims a free decryption guarantee of any five files from the infected device. The files can't be archived and shouldn't exceed 10Mb. By doing this, the cybercriminals are trying to prove that they really possess the necessary decryption tool and will forward it to the victims after the payment is made.
The third part consists of detailed instructions on how to obtain the necessary cryptocurrency in question. The last part of the WannaScream virus note is composed of warnings. The perpetrators urge the victims not to rename the encrypted files and not try any third-party decryption tools, which might lead to permanent data loss.

All malware, no matter if it's pesky adware or perilous trojans, must be eliminated from all devices ASAP. Remove WannaScream ransomware automatically with the help of reliable anti-malware software. We recommend trying apps like SpyHunterCombo Cleaner or MalwarebytesMalwarebytes to eliminate the cryptovirus automatically.
Ransomware is able to mess up the system registry and other core system settings, so after WannaScream ransomware removal, it is highly recommended to perform a full scan with a system repair tool like the FortectIntego to find and fix any system irregularities that the virus might have caused.
Message from the makers of WannaScream ransomware to their victims in the README.txt files looks like this:
[+] All Your Files Have Been Encrypted [+]
[-] Do You Really Want To Restore Your Files?
[+] Write Us To The E-Mail : Filemgr@tutanota.com
[+] If you did not get any response until 24 hours later,Write to this E-Mail : Cryptor6@tutanota.com
[-] Write Your Unique-ID In The Title Of Your Message.
[+] Unique-ID : 1E857D00
[-] You Have To Pay For Decryption In Bitcoins.
[-] The Price Depends On How Fast You Write To Us.
[-] After Payment We Will Send You The Decryption Tool
That Will Decrypt All Your Files.
________[+] Free Decryption As Guarantee [+]
[-] Before Paying You Can Send Us Up To 5 Files For
Free Decryption, The Total Size Of Files Must Bee Less
Than 10MB, (Non Archived) And Files Should Not Contain
Valuable Information (Databases, Backups, Large Excel
-Sheets, Etc).
________[+] How To Obtain Bitcoins [+]
[-] The Easiest Way To Buy Bitcoins Is LocalBitcoins
Site : https://localbitcoins.com/buy_bitcoins
You Have To Register, Click 'Buy Bitcoins', And Select
The Seller By Payment Method And Price.
[-] Also You Can Find Other Places To Buy Bitcoins And
Beginners Guide Here:
http://coindesk.com/information/how-can-i-buy-bitcoins
________[+] Attention! [+]
[-] Do Not Rename Encrypted Files.
[-] Do Not Try To Decrypt Your Data Using Third Party
-Software, It May Cause Permanent Data Loss.
[-] Decryption Of Your Files With The Help Of Third
Parties May Cause Increased Price (They Add Their Fee
To Our) Or You Can Become A Victim Of A Scam.
________DARKCRYPT_Ransomware________
Avoiding most common distribution techniques of ransomware
Numerous malware types [2] are spread out through the internet and are lurking for unaware everyday computer users to click on them. Some could be hidden in deceptive ads, others in freeware bundles. But the most common ways the ransomware is distributed is through file-sharing platforms and spam emails.
File-sharing platforms such as torrent sites like The Pirate Bay are rattled with all kinds of malware, including ransomware. Cybercriminals are trying to outsmart computer users by naming their creations as something that would lure them in. For example, a new unlocked licensed software, or a crack for some latest game. When such disguised malware is downloaded, the infection of the device is started immediately. So refrain from using such platforms.
Spam email is another popular method used by the hacker to spread their “products”. Although most email providers have spam folders, some of these emails are so intricate that they surpass the provider's security and end up in regular inboxes. These emails might look like valid letters from banks, shipping companies, medical institutions, etc. However, threats lie in wait within them.
These emails contain either hyperlinks to malicious sites, where a virus payload file is downloaded automatically after visiting them or infected attachments, that when opened or downloaded, initiate an infection process instantly. Please look through the message thoroughly. Maybe there are some grammatical mistakes or other spottable irregularities. Avoid opening any hyperlinks and always scan email attachments with anti-malware software before downloading them.

Guidelines on how to remove WannaScream ransomware from encrypted devices
There are no guarantees that after paying the ransom, the decryption tool will be provided. Instead of dealing with cybercriminals, victims should remove WannaScream virus immediately and search for other data recovery methods. Few possible data retrieval techniques (including a free decryption tool for the older version of the cryptovirus) are displayed at the bottom of this article.
Malware can be eliminated manually, but it isn't easy at all, so we suggest entrusting professional anti-malware software with WannaScream ransomware removal. To do it automatically, we suggest using any of these two time-tested apps – SpyHunterCombo Cleaner or MalwarebytesMalwarebytes.
When your device is virus-free, you're still not out of the woods. Ransomware usually alters various system settings such as registry to help it thrive within the infected machine. So experts[3] recommend using a system tune-up tool like the FortectIntego to find and fix any system irregularities that might cause abnormal device behavior, such as severe lag, crashing, etc.
Was this guide helpful?
Be the first to comment