WLU ransomware : New Iteration of Jaff Ransomware
WLU ransomware also known as WLU Extension is a new creation of Jaff Ransomware developers which was reported by the security investigator Brad Duncan. According to the security expert, this ransomware includes a new design for the displayed ransom notification and append the encoded file name with “.wlu” extension. Just like its older version, this malware continues to be delivered through malicious spam email campaign which utilizes harmful documents contains macros in order to download and install the virus on targeted system.
WLU ransomware Comes with an Updated Ransom Note
In this new variant of Jaff ransomware, the hackers started using a newly designed ransom notification for providing its decryption services. The previous ransom note was titled with “jaff decryptor system” and also contained a blank useless ransom note whose HTML & CSS was a mess. New ransom note displayed by WLU ransomware or WLU Extension is titled as “JAFF DECRYPTOR” which clears one thing that the cyber punks dedicated some time to it. Sadly, as the developers of Jaff ransomware are now producing a newer version and updating their previous design to look more professional means that the previous campaign of this malware have been successful. Although, security researchers can expect to see more updates on this ransomware in the future.
WLU ransomware or WLU Extension Delivered Via Spam Emails
Based on the research report, the WLU ransomware is being distributed with the help of junk emails which pretends to be an invoice for the recipient. Such type of emails will have subjects like Invoice (48-0148), where the number is random. These emails usually contains a malicious attachment like PDF files. When the targeted system users opens up the attached file, the malware immediately invades the system's security and starts scanning the machine for targeted files. Once it find the targeted file types, WLU ransomware uses a strong file encryption algorithm, i.e. AES encryption in order to encode the files. It will append the file name with “.wlu” extension to the enciphered files name. Unluckily, the decryption of encrypted file is not possible for free. However, you can recover the files using backup copies or through Shadow Volume copies.
Manual WLU ransomware Removal From Compromised PC
Method 1: Boot Your Infected PC in Safe Mode
Press “Start”, type “msconfig” and hit “Enter” key.
Select “Boot” tab and check “Safe boot” option and then click on “OK” button.
Method 2: Remove WLU ransomware By Showing All Hidden Files and Folders
Click on “Start” button and go to “Control Panel”.
Select “Appearance and Personalization” option.
Tap on “Folder Options” and select “View” tab.
Choose “Show hidden files, folders and drivers” option. Then, click on “Apply” and “OK” button.
Now, find malicious files and folders created by WLU ransomware and delete them from the system immediately.
Method 3: Clean WLU ransomware Related Hosts File
Click on “Start” and type “%windir%/system32/Drivers/etc/hosts”.
Open “hosts” file with Notepad.
This file must contain the IP addresses of WLU ransomware that you can identify on the word “localhost”.
Method 4: Eliminate Harmful Entries of WLU ransomware From Registry Editor
Press “Win+R” keys simultaneously.
Type “regedit.exe” and hit “Enter” button.
Then after, clean startup folder: “HKLM\Software\Microsoft\Windows\Current version\Run”.
Method 5: Remove WLU ransomware Related Startup Items
Press “Start” and type “msconfig” then hit “Enter” button.
Choose “Startup” tab and uncheck all the suspicious items which is associated with WLU ransomware.
Important: Now, you can recover your system files after WLU ransomware removal. Information about the file restoration methods given below in this article.
Delete WLU ransomware By Using PC Threats Scanner
Manual removal of WLU ransomware requires interference with the computer files and registries. Hence, it can cause unexpected damages onto your machine. Even if your PC skills are not in a professional level, then don’t worry! You can do the ransomware removal yourself just in few minutes by using PC threats scanner.
How To Retrieve Encrypted Data & Files After Removing WLU ransomware
As it was stated in the ransom message, the users files and data cannot be decoded without a decryption key. The hackers insist on paying ransom money, focusing your attention and then trying to display the futility of attempts. In fact, without paying ransom fee to the WLU ransomware developers, users can recover their data in several ways. You need to delete the ransomware virus completely from your system and then go for the data recovery procedure. The first and most easy way to retrieve encrypted data is to use the backup. If you have a check-point, then setup at least 2 or 3 days before you get the WLU ransomware infection.
Step 1: Recover Files From Windows Backup
Click on “Start” and go to “Control Panel”.
Tap “System and Security” and select “Backup and Restore” option.
Choose “Restore files from backup” and specify the check-point to restore.
Step 2: Use Shadow Explorer To Retrieve Files Encrypted by WLU ransomware
If you don’t have the habit of creating backups, then you should use the Shadow Explorer utility. During the encryption process, the WLU ransomware creates an encrypted copies of the system files and delete the original data. In this kind of situation, you can use shadow copies to recover files and data.
Step 3: Restore Encrypted Data by WLU ransomware Using Data Recovery Software
In few cases, the nasty ransomware threats also delete the shadow volume copies of the data. Therefore, in such circumstances, you can download the data recovery software recommended below in this article that may help you to retrieve some of your data and files.