WannaDie Ransomware Removal

How to Remove WannaDie Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

Ooops, your important files are encrypted.
If you read this text, but do not see the window “Wanna die decrypt0r”, then your antivirus has removed the decryptor. Disable antivirus software or remove it from your computer.


Files are encrypted, what should I do?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer available, because they have been encrypted. Perhaps you are busy searching for a way to restore your files, but do not waste your time. No one can recover your files without our decryption service.


Are you stuck with the WannaDie Ransomware? This program is a Russian wannabe of the infamous WannaCry Ransomware. It locks your personal files and then demands a ransom. As you could imagine, paying would be a terrible mistake. Ransomware-type viruses attempt to trick you into giving your Bitcoins away. These parasites are trying to scam you, so keep in mind how dangerous WannaDie Ransomware is. Be careful and make sure you tackle the virus as soon as possible. Put your safety first and don’t let hackers blackmail you.

As soon as WannaDie Ransomware gets installed, it scans your machine. By doing so, the parasite locates all the files it is about to encrypt. We’re talking photos, music files, documents, videos, etc. All your data falls victim to the virus. This program uses a combination of the AES and SHA-256 algorithms to lock your files. It goes without saying that WannaDie Ransomware successfully encrypts your information. Do you store important files on your machine? Always make sure you have backup copies in case another ransomware program gets to you.

The Internet is currently full of file-encrypting viruses. You see, ransomware is extremely effective when it comes to helping hackers gain profit. These pesky infections aim straight at your private, important, precious files. They deny you access to your favorite videos, work-related documents and memories. Eventually, crooks try to trick you into paying a ransom. Bear in mind that paying is the last thing you should do.

WannaDie Ransomware drops ransom notes which claim hackers will provide a decryptor. Can you trust cyber criminals to keep their word, though? Crooks are solely trying to involve you in a fraud, so you have no reason to believe them. If you make the payment, hackers get access to your sensitive details. Hence, it’s your privacy that is at stake. Not to mention, you won’t even receive the decryption key you were promised. This whole thing is an attempted scam, so make sure you don’t worsen your already bad situation.

How did I get infected?

The virus gets spread online via fake messages and emails. If you come across a wndie.exe file, know it’s associated with the WannaDie Ransomware. Therefore, be cautious online in order to prevent malware infiltration. Such parasites may pretend to be job applications or other safe documents. If you open the corrupted email attachment, you get infected. That is why you should stay away from unreliable emails or messages you may receive. Chances are, those are harmful. Another popular infiltration method involves fake torrents or bogus program updates. Be careful what you download, as many parasites also get attached to program bundles. Avoid illegitimate websites and only install software you trust. Ransomware often travels the Web with some help from other infections. Check your device for additional threats and viruses. You may spot some sneaky Trojan horse that must be uninstalled too.

Why is WannaDie dangerous?

WannaDie Ransomware holds your data hostage. It may not make the victim want to die but it definitely destroys your online experience. The infection attempts to convince you that paying the ransom is mandatory. However, following hackers’ instructions would only make the mess greater. Restrain yourself from paying anything and ignore the parasite’s empty promises. WannaDie Ransomware lies to your face so you could fall right into hackers’ trap. According to the ransom messages, hackers will restore your information. They promise a decryption key but you should never negotiate with cyber criminals. If anything, you would disclose some private information and provide hackers even more opportunities to cause you harm. Instead of letting crooks steal your Bitcoins, get rid of their infection. The nasty WannaDie Ransomware must be immediately tackled. File-encrypting viruses are among the most dangerous and aggressive types of malware. The sooner you get rid of the WannaDie Ransomware, the better. You will find our detailed manual removal guide down below.

WannaDie Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover WannaDie Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with the WannaDie encryption virus.
  • Right-click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate WannaDie encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

  • Then open Windows Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they might be generated randomly; that’s why you should run a professional scanner to identify malicious files.
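
The checks in Steps 1 and 3, scripted as a read-only PowerShell triage (an added example, not part of the original guide). It lists Run-key entries and running processes whose executable sits under %APPDATA% or is named wndie.exe, the two indicators this article gives; Get-CommandPath and Test-Suspicious are hypothetical helper names.

```powershell
# Added example: read-only triage for Steps 1 and 3. Nothing is stopped or deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$knownName = 'wndie.exe'     # file name given in the article
$appData   = $env:APPDATA    # folder named in Step 3

function Get-CommandPath([string]$Command) {
    # Extract the executable path from a Run value such as
    # '"C:\dir\app.exe" /arg' or 'C:\dir\app.exe /arg'.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $expanded.Trim()
}

function Test-Suspicious([string]$Path) {
    # Assumption: "suspicious" means only the two indicators from the article.
    if (-not $Path) { return $false }
    $inAppData = $Path.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase)
    $nameHit   = ($Path -ieq $knownName) -or ($Path -like "*\$knownName")
    return ($inAppData -or $nameHit)
}

# Step 3: autorun values whose target matches either indicator
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $path = Get-CommandPath ([string]$item.GetValue($name))
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Path       = $path
            Suspicious = Test-Suspicious $path
        }
    }
}
$autoruns | Where-Object Suspicious | Format-Table -AutoSize -Wrap

# Step 1: running processes matching the same indicators
Get-Process | Where-Object { Test-Suspicious $_.Path } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize
```

Legitimate software also starts from %APPDATA%, so treat each hit as a candidate to review before ending the process or deleting the Run value.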

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
