Whycry Ransomware Removal Guide

Do you know what Whycry Ransomware is?

Whycry Ransomware, also known as Why-Cry, is a threat that, at this moment, does not function properly. Our researchers have tested this threat, and it crashed every time after launch. It could not encrypt files like a normal ransomware infection. That, of course, does not mean that this infection is feeble or irrelevant. On the contrary, it is very important to be aware of up and coming threats because they can be upgraded at any point. For all we know, the current version of this malware is just a test, and the next version will be the real thing. In fact, you might have landed on this page because this threat has already invaded your operating system, and you are trying to delete it quickly. Of course, if this is the case, we will update the report. In the meantime, learn what our malware research team has found when analyzing this suspicious threat. At the bottom of the article, you can also find Whycry Ransomware removal instructions.

Since Whycry Ransomware is not fully active at this time, we cannot know for sure how it spreads. Of course, it is a safe bet to say that spam emails could be exploited because that is how most ransomware infections (e.g., Scarab Ransomware or TheDarkEncryptor Ransomware) spread. That being said, we must take into consideration that Windows vulnerability exploits, backdoors opened by Trojans, and even worms could be employed. Once the threat is in, it should not waste time. Our sample showed that a blue screen opens up upon the execution of Whycry Ransomware. Right after that, the screen turns grey, and this one shows the ransom demands. The infection paralyzes the mouse cursor to make you think that there is no way out. In fact, you can launch Task Manager using Ctrl+Alt+Delete combination and then terminate the process representing the screen-locker. Do not panic when you discover that your Desktop does not function per usual. The ransomware kills explorer.exe, which you can recover via the Task Manager as well.Whycry Ransomware Removal GuideWhycry Ransomware screenshot
Scroll down for full removal instructions

Unfortunately, the ransom note represented by Whycry Ransomware warns you against turning the PC off or doing other things. The note informs that if you do, your files will be lost, and the instructions on how to pay the ransom will be removed. According to these instructions, you must pay a ransom of 300 USD to 1NgnRmq7eYeMR5BRr7tVR3fDJxmWwC6bVj. To reassure you that your files will be decrypted after you pay the ransom, the creator of Why-Cry Ransomware suggests that their creation is “more advanced than others.” Obviously, you cannot trust this. In fact, if you pay the ransom, you are unlikely to win anything. Even if the infection has encrypted your files – which it cannot do at the moment – paying the ransom is not a good idea because cyber criminals do NOT care about you or your files. Speaking of files, when the infection encrypts them, it should add the “.whycry” extension. Our research team also found that the threat might be able to encrypt nearly 200 different types of files.

You can delete Whycry Ransomware manually, and the instructions below explain how to do that in just a few simple steps. Nonetheless, the removal of this infection is not the only thing that you need to think about. You also need to take care of your virtual security, and a trustworthy anti-malware tool is the best thing for you. The amazing part about this software is that it can automatically erase all existing threats as well, and so if you install it now, you will not need to think about the protection of your operating system or the elimination of dangerous malware. Of course, if you want to install this software, you have to restore exporer.exe first. The instructions below will help you with that.

UPDATE (08/27): A decryption key - YANGTGTDKYFWSBDAUWPMFNHBUGPFUCKYOUBITCH - has been released. Apply it to unlock the screen. If it does not work, use the removal instructions available below.

Remove Whycry Ransomware

  1. Tap keys Ctrl+Alt+Delete simultaneously to launch Task Manager.
  2. Click the Processes tab and identify the [random name] process responsible for the lock-down.
  3. Right-click the malicious process and select Open File Location.
  4. Go back to the process, click it once, and then click End process/task.
  5. Go to the malicious [random name].exe file, right-click it, and choose Delete.
  6. Go back to the Task Manager and click File at the top.
  7. Click New Task (Run…) to open the Create New Task dialog box.
  8. Enter explorer.exe and click OK.

In non-techie terms:

Whycry Ransomware is an infection that might become extremely dangerous. At the time of research, this ransomware could not encrypt files or cause permanent damage, but our malware analysts warn that this threat has the potential to infect vulnerable operating systems (most likely via spam emails) and encrypt personal files. Regardless in which stage you encounter this threat, you need to make sure that you delete it as soon as possible. If you cannot get past the lock-down of your PC, you might think that it is impossible to delete Whycry Ransomware. That is not the case. Follow the instructions above or, better yet, install a legitimate anti-malware tool, and this devious ransomware will be erased in no time.