Site icon Emsisoft | Cybersecurity Blog

Emsisoft releases free decryptor for WannaCryFake ransomware

WannaCryFake Decryptor

WannaCryFake Decryptor

We just released a new free decryption tool for the WannaCryFake ransomware strain.

If you have been infected with this ransomware, please download the FREE decryption tool linked below and DO NOT PAY the ransom. A detailed guide is also included.

Emsisoft WannaCryFake Decryptor

 

Technical details

WannaCryFake is a strain of ransomware that uses AES-256 to encrypt a victim’s files. Files that have been encrypted by WannaCryFake are appended with the file extension:

“.[<id>][recoverydata54@protonmail.com].WannaCry”

According to the ransomware distributors, the price of decryption depends on how quickly you email them, but under no circumstances should you attempt to make contact.

The ransomware also creates a ransom note that contains the following text:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail recoverydata54@protonmail.com

also You can use telegram ID:@data54

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee

Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins

The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.

https://localbitcoins.com/buy_bitcoins

Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/

Jabber client installation instructions:

Download the jabber (Pidgin) client from https://pidgin.im/download/windows/

After installation, the Pidgin client will prompt you to create a new account.

Click “Add”

In the “Protocol” field, select XMPP

In “Username” – come up with any name

In the field “domain” – enter any jabber-server, there are a lot of them, for example – exploit.im

Create a password

At the bottom, put a tick “Create account”

Click add

If you selected “domain” – exploit.im, then a new window should appear in which you will need to re-enter your data:

Userpassword

You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)

If you don’t understand our Pidgin client installation instructions, you can find many installation tutorials on youtube – https://www.youtube.com/results?search_query=pidgin+jabber+install

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Successful WannaCryFake Decryption

Regardless of what the ransom note might say, our decryption tool can help you recover your files for free and will not cause permanent data loss. Please get in touch with our support team if you have any questions.

Exit mobile version