How to remove Wdlo ransomware

Wdlo ransomware is file-encrypting malware released by the cybercriminals operating the Djvu/STOP ransomware family. The malware will encrypt your files and demand that you pay a ransom in order to get a decryptor. This is why this ransomware is considered to be a very dangerous infection. All malware from this family are more or less identical to one another, and can be identified by the extensions they add to encrypted files. This one adds .wdlo, which is why it’s called Wdlo ransomware. For users with a backup, recovering files should not be an issue. But for those who do not have copies of their files, files may be lost permanently.

 

 

Wdlo ransomware, like all malware of this kind, will target all your personal files. That includes photos, videos, images, documents, etc., essentially anything that you’d be willing to pay for. You will be able to identify encrypted files by the extensions added to them. This one adds .wdlo, so an encrypted image.jpg file would become image.jpg.wdlo. Files with this extension will not be openable unless you first decrypt them. But acquiring the decryptor will not be so easy.

The ransomware will drop a _readme.txt ransom note in folders that have encrypted files once it’s done with file encryption. The note, while quite generic, does explain how files can be recovered. Unfortunately, it involves buying a decryptor from the cybercriminals operating this ransomware. The current price for the decryptor is $980 but there supposedly is a 50% discount for victims who make contact with the cybercriminals within the first 72 hours. Whether that is actually true or not is questionable but keep in mind that paying the ransom comes with many risks. The most important thing you need to be aware of is that you are not guaranteed a decryptor even after paying. You are dealing with cybercriminals, so they’re unlikely to feel any obligation to help you. Many users in the past have not received their decryptors, despite paying the ransom.

If your files have been encrypted by this ransomware, you need to use anti-malware software to get rid of it. Do not attempt to remove Wdlo ransomware manually because you could end up causing additional damage. When your anti-malware removes the ransomware, you can access your backup to start your file recovery. If the ransomware was still present on your computer when you access your backup, your backed-up files would become encrypted as well.

If you do not have a backup, your only option is to wait for a free decryptor to become available. You will not find one at the moment but it could be released in the future. There is a free Djvu/STOP decryptor by Emsisoft but it’s unlikely to work on Wdlo ransomware. More recent ransomware versions from the Djvu family use online keys to encrypt files, which means the keys are unique to each user. And Emsisoft’s decryptor can only help users whose keys Emsisoft has. But while it’s unlikely to work, it’s still worth a try. It’s also possible that a free Wdlo ransomware decryptor will become available sometime in the future. If you’re out of options, back up your encrypted files and wait for a free decryptor to become available.

How does ransomware infect computers?

Ransomware distributors use a variety of different methods to spread their infections. Generally, users who have bad browsing habits are much more likely to infect their computers because they are more careless when online. For example, if users open unsolicited email attachments without double-checking them first, they risk a malware infection. Email attachments are a favored method by malicious actors because it’s quite low-effort. They purchase email addresses from various hacker forums, write semi-convincing emails, and attach malware to them. When users open the attachments, they initiate the malware. But fortunately, the emails are fairly obvious most of the time.

Malicious senders pretend to be from legitimate companies, usually famous ones, to pressure users into opening the attachments. The emails usually claim that the attachments are important documents that need to be reviewed urgently. For example, the email may claim the file is a receipt for something expensive. But whether it’s done purposely or not, the emails are usually full of grammar/spelling mistakes that immediately give them away. And it’s not just the mistakes, the emails always look very unprofessional. Furthermore, malicious senders usually claim that users are their customers but address them with generic terms like “User”, “Member”, “Customer”, etc., instead of using their names. Companies whose services users use will always address them with their names because it looks unprofessional otherwise.

In most cases, malicious emails are very obvious. But if malicious actors have access to certain personal information, they can be much more sophisticated. This is why it’s always recommended to scan unsolicited email attachments with anti-virus software or VirusTotal before opening them.

It’s also very common to pick up malware from torrents. Torrent websites are often quite badly regulated, which allows malicious actors to upload torrents with malware in them. It’s not uncommon for popular content (movies, TV shows, video games, software) to contain malware. So not only is using torrents to pirate copyrighted content essentially stealing, but it’s also dangerous for the computer/data.

Wdlo ransomware removal

Ransomware is a very complex malware infection that should be removed using anti-malware software. We don’t recommend attempting to do it manually because you could end up causing additional damage to your computer. Furthermore, unless you know exactly what you’re doing, you might not fully delete Wdlo ransomware, which could later allow it to recover. And if you connect to your backup while ransomware was still present, your backed-up files would become encrypted as well. And if that were to happen, your files may be lost permanently.

Once you remove Wdlo ransomware completely, you can access your backup to start file recovery. If you do not have a backup, back up your encrypted files and wait for a free Wdlo ransomware decryptor to become available. It may take a while but it’s not impossible that it would be released eventually.