DataWait Ransomware Removal Guide

Do you know what DataWait Ransomware is?

DataWait Ransomware is a troublesome malicious application that disables Task Manager and encrypts various files. According to our computer security specialists, the malware blocks Task Manager to stop the user from killing its process and deleting it. It is advisable to eliminate the threat because there is a chance it could encrypt new files upon each system restart. That is because the malicious application makes the infected computer relaunch it with every reboot. If you do not want to risk this happening, we encourage you to remove DataWait Ransomware. Since it might be challenging to get rid of it, less experienced users may want to use reputable antimalware software. As for those determined to deal with the malware manually, we can offer our removal guide available at the end of this report. Also, in the rest of the text, you can find more information about how the threat works, the ways it could be spread, and so on.

Since DataWait Ransomware comes from the STOP Ransomware family, it might be spread in ways similar to the versions created before it. For example, targeted victims could receive it via suspicious email attachments. Since distributing malware through infected attachments is still one of the most popular methods, we cannot stress enough how important it is to stay away from files that seem suspicious or to scan them with a selected antimalware tool first. Moreover, the malicious application could be spread with fake software installers or updates. Our computer security specialists say the scenario is quite likely as they noticed the threat shows a fictitious notification saying the system is updating after it enters the computer.

Upon its installation, DataWait Ransomware should create various files and other data. For example, it may place a particular Registry value under the HKCU\Software\Microsoft\Windows\CurrentVersion\Run key. This might allow the malware to restart with the operating system, and if it does, there is a chance it could encrypt data it did not affect before. The infection enciphers files with a robust cryptosystem. As a result, they become unreadable and gain a second extension called .DATAWAIT. The next step for DataWait Ransomware is to create ransom notes that contain a message from the hackers who created it. Such files should be called !readme.txt, and they may appear in all folders containing encrypted data. The messages inside them should ask users to pay a ransom of 290 US dollars to get a decryption tool that could unlock all affected files. However, the note does not say how to make the payment; instead, it mentions a couple of email addresses for those who want to contact the threat’s creators and get instructions on how to pay the ransom.

As you probably realize, hackers should not be trusted blindly, as no matter how friendly they may sound, there is always a chance they could scam you. If you have no wish to deal with them, we advise deleting DataWait Ransomware with the removal guide available below or with a reputable antimalware tool if the instructions seem too complicated.

Reboot in Safe Mode with Networking

Windows 8/Windows 10

  1. Press Windows Key+I (Win8) or open Start menu (Win10) and click the Power button.
  2. Tap and hold the Shift key and press Restart.
  3. Open Troubleshoot and select Advanced Options.
  4. Pick Startup Settings and click Restart.
  5. Press the F5 key and reboot the device.

Windows XP/Windows Vista/Windows 7

  1. Go to Start then select the Shutdown options and click Restart.
  2. Press and hold the F8 key as soon as the device starts restarting.
  3. Select Safe Mode with Networking and press Enter.
  4. Log on to the computer.

Erase DataWait Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and check the Processes tab.
  3. Locate a process belonging to the malware.
  4. Choose the process and click End Task.
  5. Exit Task Manager.
  6. Press Windows Key+E.
  7. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
  8. Find a file opened when the device got infected, right-click the malicious file and select Delete.
  9. Find these paths:
    %USERPROFILE%\Local Settings\Application Data
    %LOCALAPPDATA%
  10. Find the listed data in both mentioned folders:
    {random name}.exe
    script.ps1
  11. Right-click these files and choose Delete.
  12. Navigate to the same locations again:
    %USERPROFILE%\Local Settings\Application Data
    %LOCALAPPDATA%
  13. Look for folders with long random names, for example, dfebd084-11fb-41be-bfb2-da7e291a4873; right-click them and choose Delete.
  14. Exit File Explorer.
  15. Press Windows Key+R, type Regedit and choose OK.
  16. Navigate to this path: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  17. Look for a value name that could be related to the malicious application, for example, SysHelper.
  18. Right-click this value name and press Delete.
  19. Close the Registry Editor.
  20. Empty the Recycle Bin.
  21. Restart the computer.
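
A read-only way to list what steps 9 to 18 ask you to look for, given here as an added PowerShell example that is not part of the original guide: it enumerates the HKCU Run values, the GUID-named folders, script.ps1 and loose .exe files at the top of %LOCALAPPDATA%, and the folders that hold a !readme.txt note. The function names and the heuristic of flagging Run commands that start from a user-writable folder are assumptions made for this example.

```powershell
# Added example: read-only triage of the locations named in the removal steps.
# Nothing is deleted; review the output before removing anything by hand.

function Get-RunKeyCandidates {
    # Per-user autostart values; flag commands that launch from user-writable folders
    # (assumed heuristic, the guide only says to look for a related value name).
    $key = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if (-not $key) { return }
    $userDirs = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP) | Where-Object { $_ }
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $fromUserDir = $false
        foreach ($dir in $userDirs) {
            if ($command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $fromUserDir = $true }
        }
        [pscustomobject]@{ Name = $name; Command = $command; FromUserWritableDir = $fromUserDir }
    }
}

function Get-LocalAppDataCandidates {
    # Top-level entries matching the guide: GUID-named folders, script.ps1, loose .exe files.
    $guidName = '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
    $root = $env:LOCALAPPDATA
    # Fall back to the legacy path from the guide when the variable is not defined.
    if (-not $root) { $root = Join-Path $env:USERPROFILE 'Local Settings\Application Data' }
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue | Where-Object {
        ($_.PSIsContainer -and $_.Name -match $guidName) -or
        (-not $_.PSIsContainer -and ($_.Name -eq 'script.ps1' -or $_.Extension -eq '.exe'))
    } | Select-Object FullName, LastWriteTime, PSIsContainer
}

function Get-RansomNoteFolders {
    # Folders under the profile that hold a !readme.txt note, to scope what was encrypted.
    Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -Force -File -Filter '!readme.txt' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.DirectoryName } | Sort-Object -Unique
}

'--- HKCU Run values ---'
Get-RunKeyCandidates | Format-Table -AutoSize -Wrap
'--- LOCALAPPDATA candidates ---'
Get-LocalAppDataCandidates | Format-Table -AutoSize -Wrap
'--- Folders containing !readme.txt ---'
Get-RansomNoteFolders
```

Legitimate software also registers Run values and keeps .exe files under %LOCALAPPDATA%, so treat the output as a list to review against the guide's descriptions rather than a verdict.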

In non-techie terms:

DataWait Ransomware is a threat that encrypts the user’s files and marks them with the .DATAWAIT extension, for example, fox.jpg.DATAWAIT. Sadly, data that has this extension cannot be opened unless the user has a particular decryption tool. Of course, the hackers behind the threat claim to have it and promise to deliver it in exchange for 290 US dollars. Needless to say, they might not necessarily do so even if they guarantee it. Thus, you should think carefully about whether you want to risk it. If you do not, we recommend that you not put up with any demands and eliminate the malicious application. As mentioned in the main text, we also advise this because the threat might be able to restart with the system and keep encrypting new files. Since deleting the malware could be difficult even with the removal guide available above, it might be best to use a reputable antimalware tool. Our computer security specialists say users should be able to install it and perform a full system scan right after restarting the computer in Safe Mode with Networking.