WECANHELP Ransomware Description
Recently, malware researchers spotted a new data-locking Trojan circulating on the Internet. Its name is WECANHELP Ransomware and, once dissected, this threat turned out to be a variant of the Cry36 Ransomware and the Nemesis Ransomware.
Propagation and Encryption
Cybersecurity experts have not yet been able to determine with full certainty which infection vectors are used to propagate the WECANHELP Ransomware. It is very likely that spam emails containing macro-laced attachments, bogus application updates, and fake pirated copies of popular software tools are among the propagation methods used by the creators of the WECANHELP Ransomware. Regardless of how the WECANHELP Ransomware ends up on your system, once it infiltrates it, its first task is to perform a quick scan. The scan determines the locations of the files that the WECANHELP Ransomware was programmed to target. Next, the encryption process begins. When the WECANHELP Ransomware encrypts a file, it also alters its name. This ransomware threat adds a '.id_
The Ransom Note
The next step is the dropping of the ransom note. The WECANHELP Ransomware's note is named '_RESTORE FILES_.txt.' In the note, the attackers give out three email addresses where they can be contacted – 'email@example.com,' 'firstname.lastname@example.org,' and 'email@example.com.' For users who prefer to converse over Jabber, they provide their contact details – 'firstname.lastname@example.org.' The authors of this threat do not mention a specific ransom fee but make it clear that they want it paid in Bitcoin. In the note, the attackers also demand that the victim purchase the 'Nemesis Decryptor' tool.
It is never a good idea to contact cybercriminals like the ones responsible for the WECANHELP Ransomware. A much safer approach is to download and install a reputable anti-virus suite and have it remove the WECANHELP Ransomware from your system. Then, you can try to recover some of the lost files via a third-party data-recovery tool.
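Before cleanup and recovery, it helps to know which folders were touched. The following is an added example, not code from this page or from any vendor: a Python sweep that uses the two indicators described above, the '_RESTORE FILES_.txt' note name and the '.id_' start of the appended extension. The function names, the sample folder names, and the 'SAMPLE' suffix are assumptions made up for the demonstration.

```python
import os
import tempfile

NOTE_NAME = "_restore files_.txt"  # ransom note name from the page, lower-cased
EXT_MARKER = ".id_"                # visible start of the appended extension; the
                                   # rest is cut off on the page, so match the prefix only


def sweep(root):
    """Return {directory: finding} for every directory under root that holds
    the ransom note and/or files whose names carry the extension marker."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        lowered = [(f, f.lower()) for f in files]
        note = any(low == NOTE_NAME for _f, low in lowered)
        renamed = sorted(f for f, low in lowered if EXT_MARKER in low)
        if not (note or renamed):
            continue
        if note and renamed:
            confidence = "high"      # both indicators agree
        elif note:
            confidence = "medium"    # note dropped, nothing renamed here
        else:
            confidence = "low"       # '.id_' alone also matches benign names
        findings[dirpath] = {"note": note, "renamed": renamed,
                             "confidence": confidence}
    return findings


def build_sample_tree(root):
    """Constructed sample data: empty files only, names invented for the demo."""
    layout = {
        "docs": ["_RESTORE FILES_.txt", "report.docx.id_SAMPLE", "plan.xlsx.id_SAMPLE"],
        "scans": ["passport.id_card.pdf"],   # benign look-alike
        "music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {os.path.basename(d): f for d, f in sweep(root).items()}


if __name__ == "__main__":
    for folder, finding in sorted(demo().items()):
        print(folder, finding["confidence"], finding["renamed"])
```

Run sweep() against a mounted copy or backup of the affected disk rather than the live system, and treat "low" findings as candidates to check by hand.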