Whoopsie ransomware (Removal Guide) - Recovery Instructions Included

Whoopsie virus Removal Guide

What is Whoopsie ransomware?

Whoopsie ransomware is a file-encrypting virus developed by German-speaking hackers

Whoopsie ransomware imageWhoopsie is a ransomware which compromises data on the computer and asks to pay €50 as a ransom.

Whoopsie is a ransomware-type cyber threat which is designed to encrypt data using AES cryptography[1]. At this point, the user is no longer able to use the encoded information with .whoopsie extension, unless it is decrypted with a unique key. Criminals demand to pay €50 in Bitcoins for the decryption software. According to the experts, this infection is created by an attacker located in Germany.

Name Whoopsie
Type Ransomware
Danger level High
Cryptography Advanced Encryption Standard (AES)
File extension .whoopsie
Amount of the ransom €50 in BTC
Decryptable No. But you can find alternative ways how to recover data at the end of this article.
Removal The safest way to uninstall Whoopsie ransomware is with FortectIntego

Once Whoopsie ransomware infects the system, it starts encrypting the most widely used files on the system by employing AES algorithms. Afterward, the encoded files are appended with .whoopsie extension and become unusable. The victim merely receives a pop-up window named as Whoopsie which serves as the ransom note.

People are informed about Whoopsie virus infection and the following information:

Do NOT close this Window! (otherwise your Files are gone for even and cant be recovered!)

Your files has been encrypted with Advanced Encryption Standard (AES) and can't be decrypted without a specific key (in this case a ransom generated String)

How to get the key?
Its easier than it seams! Just pay a small fee of 50€ in BTC to {paymentadress} and you will get your decryption key

Unfortunately, there are no guarantees that you will receive Whoopsie ransomware decryptor after paying the so-called small fee. In fact, despite how insignificant the amount of the ransom might seem, attackers can force you to spend more and more after you contact them[2].

Instead of agreeing to the rules of the criminals, we advise you remove Whoopsie ransomware after the infection. You should get help from a professional security tool such as FortectIntego. Keep in mind that you shouldn't try to eliminate this dangerous cyber threat on your own or you might damage your PC even more.

Whoopsie ransomware illustrationWhoopsie is a file-encrypting virus which uses AES cryptography to encrypt essential information on the attacked system.

After Whoopsie virus removal, you will be able to try alternative ways to get back the access to your data. All of them are presented at the end of this article. Although, they are effective only once the ransomware is uninstalled from the infected system.

Distribution: spam emails, peer-to-peer (P2P) networks, and malvertising

Since ransomware-type infections are almost the most dangerous ones, criminals are highly interested in distributing them worldwide. For that, they employ not one, but multiple spread techniques to increase the infection rates of Whoopsie ransomware and similar threats. According to the experts from UK[3], today the most popular distribution method is malicious email attachments.

This method is often recognized as malspam campaigns which are designed to distribute legitimate-looking emails with an infected attachment inside. Once the user clicks on the file, it drops the payload of the ransomware and infects the system. Thus, people should NEVER open letters from suspicious users or companies.

Furthermore, Whoopsie ransomware can enter the system from the shady peer-to-peer (P2P) file-sharing site or malicious ads on websites. Our experts recommend you to download programs only from verified authors and distributors. Additionally, monitor your online activity and refrain from clicking on commercial content to avoid Whoopsie ransomware.

Whoopsie ransomware removal explained

The only way to remove Whoopsie ransomware without causing more damage to the system is by using a robust and reliable antivirus. You can choose to pick FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes and run a full system scan for the elimination.

After Whoopsie ransomware removal, read the guidelines below attentively and learn how to recover files without paying the ransom or using backup copies on the cloud.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Whoopsie virus. Follow these steps

Manual removal using Safe Mode

First step. Reboot the computer to Safe Mode as shown below.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Whoopsie using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Whoopsie. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Whoopsie removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Whoopsie from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Whoopsie, you can use several methods to restore them:

Get Data Recovery Pro

Experts highly recommend trying this professional software after ransomware attack. Despite the fact that it was primarily designed to help users after the system crash, it might be useful in data recovery as well.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Whoopsie ransomware;
  • Restore them.

Use Windows Previous Versions Feature

If you have previously enabled System Restore function, you can travel back in time and retrieve files before they were encrypted.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Employ ShadowExplorer

This tool is only effective if the ransomware hasn't deleted or compromised Shadow Volume Copies on your computer.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Whoopsie ransomware decryptor is still under-development.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Whoopsie and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions