Watz ransomware is a generic file-encrypting malware infection from the Djvu/STOP ransomware family. Because it encrypts files, it’s considered to be very dangerous. Unfortunately, unless users have backups, free file recovery is not possible.

 

 

Watz ransomware is operated by the cybercriminals behind the Djvu/STOP. It’s essentially another version. New versions are released on a regular basis. They can be identified by the extensions they add to encrypted file names. This version adds .watz, hence why it’s known as Watz ransomware.

Unfortunately, this ransomware targets all personal files, including photos, videos, documents, images, etc. You will know which files have been encrypted by the file extensions. For example, an encrypted 1.txt file would become 1.txt.watz. You will not be able to open any files with this extension until you use a decryptor on them. However, obtaining a decryptor is not easy as the only ones who have it are the cybercriminals operating this ransomware.

When the ransomware is done encrypting files, a _readme.txt ransom note will be dropped. The note is very generic but contains information about how users can get the decryptor. Unfortunately, users are asked to pay $999 in ransom. There’s supposedly a 50% discount for users who make contact within the first 72 hours but whether that is true is dubious. The note also mentions that users can decrypt one file for free provided it does not contain any important information.

If you do not have a backup, paying the ransom to get the decryptor may seem like a good idea. However, keep in mind that you are dealing with cyber criminals, and there are no guarantees that they will keep their end of the deal. Unfortunately, many ransomware victims who paid in the past did not receive decryptors.

The full _readme.txt ransom note is below:

ATTENTION!

Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that’s price for you is $499.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
support@freshingmail.top

Reserve e-mail address to contact us:
datarestorehelpyou@airmail.cc

Your personal ID:

If you have a backup, you can start recovering your files as soon as you remove Watz ransomware from your computer. Use an anti-malware program to remove Watz ransomware. Once it’s no longer detected, it’s safe to connect your backup.

If you do not have a backup, your only option may be to back up the encrypted files and wait for a free Watz ransomware decryptor to be released. If a free Watz ransomware does get released, it will be available on NoMoreRansom.

Ransomware distribution methods

Users with poor browsing habits are much more likely to pick up a malware infection. Developing better browsing habits is recommended as it will allow users to avoid a lot of malware infections.

Ransomware can be distributed through malicious emails. Fortunately, unless users are very specific targets, malicious emails tend to be quite generic and easy to recognize. Firstly, they’re riddled with grammar and spelling mistakes. Senders usually claim to be legitimate companies so the mistakes are very jarring.

Another sign of a potentially malicious email is the sender using words like User, Member, Customer, etc., to address users while claiming to be from a company whose services users use. When companies correspond with customers, they use users’ names to address them to make the emails seem more personal. Malicious actors target many users with the same email campaign so they use generic words.

If a malicious email has a specific target, it would be much more sophisticated. For one, the emails would not have grammar/spelling mistakes. They would also contain certain information to make the emails seem more credible. Users’ names would also be used to address them. We strongly recommend scanning all unsolicited email attachments with anti-malware software or VirusTotal to avoid opening something malicious.

Torrents are also used for malware distribution. Many torrent sites are poorly moderated, which allows malicious actors to upload torrents with malware in them. Infections are especially common in torrents for entertainment content like movies, TV series, and video games. Thus, downloading copyrighted content using torrents is not only content theft but also dangerous for the computer.

How to remove Watz ransomware

Ransomware is a sophisticated infection that requires a professional program to get rid of. Do not attempt to remove Watz ransomware manually because you could cause additional damage to your computer. Use an anti-malware program, and once the ransomware is gone, connect to your backup to recover your files.

Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply