Wooly Ransomware Removal Guide

Do you know what Wooly Ransomware is?

According to our malware analysts, Wooly Ransomware is a malicious application that can infect your computer by stealth and encrypt many of your important files. The goal is to force you to pay its creators money for a decryption key. However, you cannot trust cyber criminals to send you he decryptor once you have paid, so we recommend that you remove this application from your PC without paying a dime. Our malware researchers have tested this application, and all of the relevant information is inside this article, so if you are interested in finding out more about it, please continue reading.

If your PC were to become infected with Wooly Ransomware, then you should know that it will start encrypting your files immediately with an AES (Advanced Encryption Standard) encryption algorithm. The AES encryption is very strong indeed, and this ransomware should create a public encryption and private decryption keys and send the decryption key to a remote server so that security experts could not locate the key, crack the encryption code and create a decryption program.

Our researchers have discovered that Wooly Ransomware was configured to encrypt file types such as MS Office documents, PDF, text files, databases, photos, music, video, image files, and so on. While encrypting these files, the ransomware appends hem with a custom “.woody” file extension that acts as a file marker at tells you which files were encrypted. Researchers say that this ransomware should also change the file names to not allow you to know which file is which.

Once the encryption is complete, this ransomware should drop a ransom note demanding that you pay a ransom in Bitcoins. The exact sum to be paid is not known, but it can range from hundreds to thousands of dollars. However, if the cyber criminals ask for much money, then you should refrain from paying the ransom because your files might not be worth the money. Furthermore, after you pay the ransom, the crooks might not send you the decryptor and leave your files encrypted indefinitely.

As far as the distribution methods of Wooly Ransomware go, researchers say that its developers can distribute it in many ways. Email spam is the most likely method to be used as it is very effective. The developers might have set up a dedicated email server to spam the inboxes of random users with fake receipts or invoices that feature an attached file that may look like a document. In reality, however, that file is a dropper file used to infect your PC with this ransomware. Also, the developers can use exploit kits that are injected into a browser. The exploit kits exploit security vulnerabilities in your browser and download this ransomware on your PC secretly. Furthermore, the cyber criminals can use fake updates and repacked software installers featured on freeware websites to infect your PC as well. As you can see, this ransomware can be distributed in many creative ways, and it is your job to keep your PC secure.

In closing, Wooly Ransomware is a dangerous infection that can make your personal, valuable files into piles of useless bytes. It can enter your PC by stealth, provided that you do not have an anti-malware program to protect it. Our cyber security experts recommend using SpyHunter’s free scanner to detect this ransomware and then navigate to the location of that file and delete it manually. See the removal guide below for more information.

Removal Guide

  1. Go to http://www.spyware-techie.com/download-sph
  2. Download SpyHunter-Installer.exe.
  3. Install the program and run it.
  4. Click Scan Computer Now!
  5. Copy the file path of the malware from the scan results.
  6. Press Windows+E keys.
  7. Enter the file path of the malware in File Explorer’s address box.
  8. Press Enter.
  9. Locate, right-click the malicious files and click Delete.
  10. Empty the Recycle Bin.

In non-techie terms:

Wooly Ransomware is a typical ransomware that can encrypt your personal files and then demand you pay money to decrypt them, but do not rush to pay because you might not get the promised decryptor. Therefore, it is only reasonable to remove this ransomware altogether. See the guide above for more information.