Wintenzz Ransomware

Wintenzz Ransomware Description

Type: Ransomware

The Wintenzz Ransomware is a malware threat that can wreak havoc on any system it infects. By initiating an encryption routine with a strong cryptographic algorithm, the Wintenzz Ransomware is capable of locking users out from accessing their own files effectively. All of the popular file types will be affected - MS Office documents, PDFs, audio, video, photos, databases, archives, etc. The victims of the threat will then be extorted for money if they wish to restore their data by receiving the required decryption key from the hackers.

When the Wintenzz Ransomware locks a file, it also will change that file's original name by appending '.wintenzz' to it as a new extension. Furthermore, after completing its encryption process, the malware will proceed to deliver a ransom-demanding message in the form of a file named 'STARTOPEN_ote.html.' This HTML file will be executed on every system boot.

According to the instructions in the note, Wintenzz Ransomware's victims are expected to buy $200 worth of bitcoins and send the sum to the provided crypto-wallet address. After completing the transactions, users will have to initiate communication with the hackers by messaging them at the 'winhelp@cryptolab.nl' email address.

It is strongly discouraged to enter into negotiations with people responsible for unleashing malware threats. Not only are there no guarantees that all of the locked data will be restored successfully, but the hackers are more than likely going to take the money and use it to fund their next threatening operation.

The full text of the ransom note dropped by the Wintenzz Ransomware is:

'Warning!

Your files have been encrypted!
Please follow the instructions below to restore them. Failing to follow the instructions may result in permanent data corruption.

  1. Purchase $200 in Bitcoin (BTC). Visit hxxps://bitcoin.org/en/buy to learn how to do this.
  2. Send the new Bitcoin to the following address: 1M48oia3zbzuwqCWsWSA242EanbxH191CB
  3. Contact our support team at winhelp@cryptolab.nl and explain your issue.
  4. After we have confirmed your Bitcoin payment, our support team will send you a decryption password.
  5. Use the password with our program to decrypt your files instantly.'

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.