What is WinWord64 Ransomware
WinWord64 ransomware is a cryptovirus that encrypts user data using the AES+RSA algorithm. Moreover, this affects photos, videos, archives, documents of the MS Office, and much more. Of course, such files are extremely important for ordinary users, so many are ready to pay any money to get the data back. At the end of August 2020, the first reports appeared that WinWord64 ransomware was encrypting user data. A few weeks later, the virus has spread all over the world and terrorizes users from different countries. In addition, WinWord64 ransomware changes the file extension to .encrypted, which makes them permanently inoperable. Also, WinWord64 ransomware creates a popup containing the scammers’ demands. This is how it looks:
The Matrix Has You!!
ATTENTION: All Your Files Are Belong To Us!!!
All files on your hard drive are encrypted by WinWord64.
Your documents, photos, and other important files have been encrypted with the strongest encryption and unique key generated for this computer.
A private decryption key is required to decrypt your files, and no one else can decrypt your files unless you pay for the private key.
You must send $500 worth of bitcoin to this address to purchase the decryption key : 569G40JNu9432opmQ021233
Cybercriminals are demanding a ransom of $500, and this amount must be paid in cryptocurrency, in particular, in bitcoins. We do not recommend that you pay, as there is no guarantee that you will actually receive your data, even if you fully comply with the requirements of the attackers. Use our recommendations to remove WinWord64 ransomware and decrypt .encrypted files.
How to remove WinWord64 Ransomware
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will WinWord64 Ransomware system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the WinWord64 Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of WinWord64 Ransomware:
Related connections or other entries:
How to decrypt files infected by WinWord64 Ransomware?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although the latest versions of WinWord64 Ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
How to prevent your system from Ransomware?
Make sure your Remote Desktop Protocol (RDP) connection is closed when you don’t use it. Also, we recommend using a strong password for this service. The most efficient way to avoid data lose is of course to make a backup of all important data from your computer.