Emsisoft releases free decryptor for WannaCryFake ransomware

 In Blog

We just released a new free decryption tool for the WannaCryFake ransomware strain.

If you have been infected with this ransomware, please download the FREE decryption tool linked below and DO NOT PAY the ransom. A detailed guide is also included.

  • Download the WannaCryFake Decryptor here
Emsisoft WannaCryFake Decryptor

Emsisoft WannaCryFake Decryptor

 

Technical details

WannaCryFake is a strain of ransomware that uses AES-256 to encrypt a victim’s files. Files that have been encrypted by WannaCryFake are appended with the file extension:

“.[][recoverydata54(Replace this parenthesis with the @ sign)protonmail.com].WannaCry”.

According to the ransomware distributors, the price of decryption depends on how quickly you email them, but under no circumstances should you attempt to make contact.

The ransomware also creates a ransom note that contains the following text:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail recoverydata54(Replace this parenthesis with the @ sign)protonmail.com

also You can use telegram ID:@data54

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee

Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins

The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.

https://localbitcoins.com/buy_bitcoins

Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/

Jabber client installation instructions:

Download the jabber (Pidgin) client from https://pidgin.im/download/windows/

After installation, the Pidgin client will prompt you to create a new account.

Click “Add”

In the “Protocol” field, select XMPP

In “Username” – come up with any name

In the field “domain” – enter any jabber-server, there are a lot of them, for example – exploit.im

Create a password

At the bottom, put a tick “Create account”

Click add

If you selected “domain” – exploit.im, then a new window should appear in which you will need to re-enter your data:

Userpassword

You will need to follow the link to the captcha (there you will see the characters that you need to enter in the field below)

If you don’t understand our Pidgin client installation instructions, you can find many installation tutorials on youtube – https://www.youtube.com/results?search_query=pidgin+jabber+install

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Successful WannaCryFake Decryption

Successful WannaCryFake Decryption

  •  Download the WannaCryFake Decryptor here

Regardless of what the ransom note might say, our decryption tool can help you recover your files for free and will not cause permanent data loss. Please get in touch with our support team if you have any questions.

The post Emsisoft releases free decryptor for WannaCryFake ransomware appeared first on Emsisoft | Security Blog.

Recent Posts
Support Ticket