Werd Ransomware Description
Most cyber crooks are not as highly skilled as they are often portrayed. Most shady individuals who decide to try their luck in the world of cybercrime are not very proficient or experienced. In the case of ransomware threats, such actors opt to borrow the readily available code of well-established file-encrypting Trojans and tweak it only slightly to fit their needs. This is the case with the Werd Ransomware.
Propagation and Encryption
Once the Werd Ransomware was spotted and dissected, it became evident that it is in fact a variant of the notorious STOP Ransomware. Malware researchers have been unable to determine the infection vectors used to spread the Werd Ransomware, but the most popular ransomware propagation methods have been speculated as potential culprits. These include fake pirated copies of legitimate applications, fraudulent software updates and spam emails that contain macro-laced attachments. The Werd Ransomware targets a very long list of popular file types that every regular user is sure to have on their system: .jpeg, .mp3, .mov, .docx, .mp4, .png, .rar, etc. Once the Werd Ransomware has located the files of interest, it immediately begins locking them using a complex encryption algorithm. The Werd Ransomware appends a new extension, ‘.werd’, to the locked files. This means that a file previously called ‘golden-spinner.jpeg’ will have its name changed to ‘golden-spinner.jpeg.werd’ when the encryption process is through.
The Ransom Note
As with most ransomware threats, when the encryption process is completed, the file-locking Trojan drops its ransom note on the victim’s desktop. The name of the Werd Ransomware’s note is ‘_readme.txt’. The message of the note states that the ransom fee is $980, but for users who successfully contact the authors of the Werd Ransomware within 72 hours, the price will be dropped by 50% to $490. The attackers offer to unlock one file for free. This is a common tactic and serves to convince the victim that the authors of the malware are capable of decrypting the locked data. There are two email addresses given as a means of contacting the attackers: ‘firstname.lastname@example.org’ and ‘email@example.com’.
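The two on-disk indicators described above, the ‘.werd’ extension appended to locked files and the ‘_readme.txt’ note, can be used to scope which directories were affected. The following is an added example, not code from the original page or from any security vendor; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

LOCKED_EXT = ".werd"        # extension appended to locked files, per this page
NOTE_NAME = "_readme.txt"   # ransom note file name, per this page


def original_name(locked_name):
    """Return the pre-encryption name, e.g. photo.jpeg.werd -> photo.jpeg."""
    return locked_name[: -len(LOCKED_EXT)]


def triage(root):
    """Walk root and group Werd indicators by directory.

    Returns {directory: {"locked": [original names], "note": bool}} for every
    directory that holds at least one indicator.
    """
    hits = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            # Require a non-empty stem so a file named just ".werd" is skipped.
            if lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                hits[dirpath]["locked"].append(original_name(name))
            elif lower == NOTE_NAME:
                hits[dirpath]["note"] = True
    return dict(hits)


def build_sample_tree(root):
    """Create a constructed directory tree for demonstration (empty files)."""
    layout = {
        "Desktop": ["_readme.txt", "golden-spinner.jpeg.werd"],
        "Documents": ["report.docx.werd", "notes.txt"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in sorted(triage(tmp).items()):
            print(directory, "note=%s" % info["note"], sorted(info["locked"]))
```

A ‘_readme.txt’ file on its own is a weak signal, since the name is generic; treat a directory as affected when locked files are present and use the note only as corroboration.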
It is always best to steer clear of cyber crooks. Users who attempt to negotiate or bargain are often left empty-handed even if they pay the ransom fee, as there is no guarantee that the attackers will provide the decryption key they promise. It is far safer to use an anti-virus tool, which will help remove the Werd Ransomware from the PC.