What is WHY ransomware?
WHY is a ransomware virus that encrypts all personal files on a targeted computer including documents, photos, and videos, in short, all that is valuable. It is not a new virus, WHY ransomware is another brainchild of infamous Crysis, aka Dharma, aka Phobos ransomware family group which is responsible for the appearance of many similar viruses.
If your computer is infected with WHY ransomware, do not rush to pay for decryption of your files, because in most cases cybercriminals will ask for more money, even if you pay them full ransom cost. Still, you may use this tutorial to remove WHY ransomware and decrypt .WHY files.
Once the encryption procedure is done, you won’t be able to open files with .[firstname.lastname@example.org].WHY extension unless they are decrypted. WHY ransomware developers report with the help of pop-up window and FILES ENCRYPTED.txt note that the only way to get your data back is to buy a decryption tool. As usual, cybercriminals offer free decryption of several files to prove that they can really decrypt the victim’s files. Typically, such virus programs encrypt data securely enough so that you have no choice but to purchase decryption tools from cybercriminals. Regular backups will save you these problems. It is worth noting that the files remain encrypted even after the removal of the ransomware, its deletion only prevents further encryption.
The content of the pop-up window:
YOUR FILES ARE ENCRYPTED
Don’t worry,you can return all your files!
If you want to restore them, follow this link:email email@example.com YOUR ID 1E857D00
If you have not been answered via the link within 12 hours, write to us by e-mail:firstname.lastname@example.org
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
We strongly recommend not to comply with their requirements because there are no guarantees that you will obtain your files when the transaction happens. On the contrary, there is a high risk of being deceived and simply left with nothing. Of course, they claim the opposite, that it is supposedly not in their interests to trick you. Think for yourself, Why should they send you the key, if they have already received a ransom from you? The only reliable way to solve the problem is to remove WHY ransomware from the system using appropriate software in order to stop the malicious actions of the virus and then restore your data from the backup.
The content of FILES ENCRYPTED.txt file:
all your data has been locked us
You want to return?
write email email@example.com or firstname.lastname@example.org
At the last stage of the infection stage, this ransomware may delete all shadow volumes on your computer. After that, you will not be able to carry out the standard procedure for recovering your encrypted data using these shadow volumes. There are two solutions to remove WHY Ransomware and decrypt your files. The first is to use an automated removal tool. This method is suitable even for inexperienced users since the removal tool can delete all instances of the virus in just a few clicks. The second is to use the Manual Removal Guide. This is a more complex way that requires special computer skills.
Screenshot of WHY encrypted files:
How WHY ransomware gets on my computer?
– Spam attachments and hyperlinks
– Software vulnerabilities and exploits
– Malicious sites
– Backdoors (defects of the algorithm that are intentionally built into it by the developer and allow you to gain unauthorized access to data or remote control of the operating system and the computer as a whole)
How to remove WHY ransomware?
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will prevent system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the WHY ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
How to decrypt files infected by WHY Ransomware?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although the latest versions of WHY Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Click the ecrypted file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
How to prevent your system from Ransomware?
No one is safe from infection with a virus that secretly encrypts your data. But in order to minimize this risk, you need to follow the rules:
1. Always make Windows updates on time and keep them up to date. Remember that these updates close the security holes of the system through which the virus can enter your computer.
2. The most efficient way to avoid data loss is of course to make a backup of all important data from your computer. It is enough just to synchronize the necessary folders with one of the cloud services, so as not to be afraid to see the text requiring the payment of bitcoins in exchange for a decryption key. It can be a cloud or a remote hard drive on the network. If you store all your files on the Internet, the likelihood of virus infection will be lower. Do not make copies to external hard drives, as this could damage them.
3. Since spam email is the most popular form of spreading ransomware-type viruses, the user should never open email attachments without first having scanned them with antivirus. Just clicking on the link or opening the attachment can damage the operating system (Windows) in a few minutes, damage important data and infect other machines with the virus.
4. All previous methods do not matter if you do not have a reliable antivirus. The presence of anti-virus protection on your computer can prevent all these unpleasant surprises. Anti-virus protection will protect you from malware, money loss, time loss, invasion of your personal life. Now the antivirus market is so huge that it is difficult to make a choice in favor of one of them. If you have not decided who to give preference to, we suggest you familiarize yourself with our Top 5 Antivirus Software for Windows