Werd Ransomware

Werd Ransomware Description

Most cyber crooks are not as highly skilled as they are often portrayed. Most shady individuals who decide to try their luck in the world of cybercrime are not very proficient or experienced. In the case of ransomware threats, such actors opt to borrow the readily available code of well-established file-encrypting Trojans and tweak it only slightly to fit their needs. This is the case with the Werd Ransomware.

Propagation and Encryption

Once it was spotted and dissected, it became evident that the Werd Ransomware is in fact a variant of the notorious STOP Ransomware. Malware researchers have been unable to determine the infection vectors used to spread the Werd Ransomware, but the most popular ransomware propagation methods have been speculated as potential culprits. These include fake pirated copies of legitimate applications, fraudulent software updates and spam emails that contain macro-laced attachments. The Werd Ransomware targets a very long list of popular file types that every regular user is sure to have on their system: .jpeg, .mp3, .mov, .docx, .mp4, .png, .rar, etc. Once the Werd Ransomware has located the files of interest, it immediately begins locking them using a complex encryption algorithm. The Werd Ransomware adds a new extension to the locked files: ‘.werd’. This means that a file previously called ‘golden-spinner.jpeg’ will have its name changed to ‘golden-spinner.jpeg.werd’ when the encryption process is through.

The Ransom Note

As with most ransomware threats, when the encryption process is completed, the file-locking Trojan will drop its ransom note on the victim’s desktop. The name of the Werd Ransomware’s note is ‘_readme.txt’. The note states that the ransom fee is $980, but for users who successfully contact the authors of the Werd Ransomware within 72 hours, the price will be dropped by 50% to $490. The attackers offer to unlock one file for free. This is a common tactic and serves to convince the victim that the authors of the malware are capable of decrypting the locked data. Two email addresses are given as a means of contacting the attackers: ‘gorentos@bitmessage.ch’ and ‘gerentosrestore@firemail.cc’.

It is always best to steer clear of cyber crooks. Users who attempt to negotiate or bargain are often left empty-handed even if they pay the ransom fee, as there is no guarantee that the attackers will provide the decryption key they promise. It is far safer to use an anti-virus tool, which will help you remove the Werd Ransomware from your PC.
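The indicators described above (the ‘.werd’ extension, the ‘_readme.txt’ note and the two contact addresses) are enough to scope an infection on disk. The following read-only triage script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

LOCKED_EXT = ".werd"        # extension appended to encrypted files (from the article)
NOTE_NAME = "_readme.txt"   # ransom note file name (from the article)
CONTACTS = ("gorentos@bitmessage.ch", "gerentosrestore@firemail.cc")  # from the article


def triage(root):
    """Walk root and summarise Werd indicators without modifying anything."""
    locked, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT):
                original = name[: -len(LOCKED_EXT)]   # e.g. golden-spinner.jpeg
                by_type[os.path.splitext(original)[1].lower()] += 1
                locked.append(path)
            elif name.lower() == NOTE_NAME:
                # A bare _readme.txt can be benign; require a known contact address.
                try:
                    with open(path, "r", errors="ignore") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    continue
                if any(c in text for c in CONTACTS):
                    notes.append(path)
    return {"locked": sorted(locked), "notes": sorted(notes), "by_type": dict(by_type)}


def build_sample(root):
    """Constructed sample tree: two locked files, one real note, one benign readme."""
    os.makedirs(os.path.join(root, "Desktop"))
    os.makedirs(os.path.join(root, "proj"))
    for rel in ("Desktop/golden-spinner.jpeg.werd", "proj/report.docx.werd", "proj/ok.png"):
        open(os.path.join(root, rel), "wb").close()
    with open(os.path.join(root, "Desktop", "_readme.txt"), "w") as fh:
        fh.write("constructed note text; contact gorentos@bitmessage.ch\n")
    with open(os.path.join(root, "proj", "_readme.txt"), "w") as fh:
        fh.write("build instructions for this project\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        print(len(report["locked"]), "locked files:", report["by_type"])
        print("ransom notes:", [os.path.relpath(p, tmp) for p in report["notes"]])
```

The per-extension count shows which data was hit, which helps decide what to restore from backup first.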
