Victims of WannaCryFake ransomware can download free decryptor

by Brendan Smith
September 28, 2019

Emsisoft has good news for users that were affected by WannaCryFake ransomware attacks. WannaCryFake ransomware victims can download a free decryptor.

Developers have released a free tool that will help to return files encrypted by this malware.

“If you have been infected with this ransomware, please download the FREE decryption tool linked below and DO NOT PAY the ransom. A detailed guide is also included”, — report Emsisoft developers.

Unlike real crypto-mining exploits, ransomware is dependent on extortion to reap a reward. Ransomware attacks increased 118 percent in 2019, equaling 504 new threats per minute, in the first quarter, according to a McAfee report.

WannaCryFake is a variation of the notorious WannaCry ransomware designed for Microsoft computers in 2017. It blocks victims files using AES-256 or an advanced encryption standard.

The following extension is added to the affected files:

.[][[email protected]].WannaCry

“The amount of the ransom depends on how quickly you email the attackers. However, we urge you not to mess with ransomware under any pretext”, — Emsisoft writes on the blog.

The note of the attackers contains two contacts for communication: the Telegram channel and e-mail. The victim must pay a ransom in bitcoins.

In the case of payment, the criminals promise to send back a tool for decrypting files. Before payment, you can send ransomware 5 files (the size should not exceed 4 MB), which will be decrypted for free to demonstrate that everything is “clean”.

Read also: Smominru botnet infected 90 thousand devices in just the last month

Once downloaded, the Emsisoft Decryptor uses the encrypted file and the original unencrypted version to piece together the keys needed to decrypt locked data. Because the protocol uses filename extensions to determine the encryption parameters, users are instructed not to rename their files.

Victims of this encryptor can download a free decryption tool from this link.

Emsisoft’s software allows users to keep a record of the decryption process by using the Save Log button.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

Cybersecurity analyst with 15+ years digging into malware and threats, from early days reverse-engineering trojans to leading incident responses for mid-sized firms.

At Gridinsoft, I handle peer-reviewed breakdowns of stuff like AsyncRAT ransomware—last year, my guides helped flag 200+ variants in real scans, cutting cleanup time by 40% for users. Outside, I write hands-on tutorials on howtofix.guide, like step-by-step takedowns of pop-up adware using Wireshark and custom scripts (one post on VT alternatives got 5k reads in a month).

Certified CISSP and CEH, I’ve run webinars for 300+ pros on AI-boosted stealers—always pushing for simple fixes that stick, because nobody has time for 50-page manuals. Tools of the trade: Splunk for hunting, Ansible for automation, and a healthy dose of coffee to outlast the night shifts.

View all posts

Leave a Reply

Sending