How to remove The Wise Guys ransomware

What is The Wise Guys ransomware?

The Wise Guys ransom note:

All of your files have been encrypted by The Wise Guys.

What has happened?

All of your files have been encrypted with AES-256 Algorithm.
You may be looking online how to recover from this encryption.
Do not bother, you will never find results for our certain encryption.
Never contact anyone about this either, they cannot help you here.
However, do not panic. We still hold the decryption key for your files.
If you follow our instructions, we can get them back for you.

How can I get the key?

You must pay a sum of money in Ethereum, we accept nothing else.
We're looking at you sending us about $500 worth of Ethereum.
If you don't know how to get cryptocurrency, just Google it.
After you have completed that step, you will have to contact us.
Do not trust anyone saying they can help with decryption.
They are scammers, only we hold they key, they will do two things.
Either steal the money from you, leaving your files locked still.
Or they will add their fee on top of ours, making it more expensive.
You can only trust us here, everyone else is a scammer.

Where do I contact you?

You contact us via. e-mail at naturescare1@tuta.io for payments.
Do not send curse words or we will ignore any requests of yours.
Please include your ID within this e-mail somewhere for decryption.
It is very important, and it allows us to decrypt your files.

[REDACTED]

If you do not include this ID, we cannot recover your files.
Do not spam our e-mail either, or we will ignore your requests.
Remember, patience is what works here. Don't be so hasty.

What if I try to recover my files?

You cannot recover them, at least not easily. We removed backups.
However, we have a backup copy of your own files we had stolen.
If you decide not to pay up, we'll just leak all your stuff.
This includes, passwords, personal info and files.
If you pay, not only do you get your files back quicker.
You also don't have to worry about stolen info.

Kind regards from The Wise Guys.
We wish you good luck with your files.

This is the end of the note. Below you will find a guide explaining how to remove The Wise Guys ransomware.

The Wise Guys is a fake ransomware program. On the surface, it appears to act much like any other ransomware would, encrypting files and demanding payment for their decryption. The hackers behind these programs typically do not bother actually decrypting the files; once the victim has paid, they simply stop talking to them. Nonetheless, most ransomware actually encrypts files using genuine cryptographic algorithms, as this gives the victim an illusion that their files could be restored by paying the hacker.
The Wise Guys ransomware, however, doesn’t bother with keeping up this pretense. Though it does leave a ransom note, “readme.txt”, which is reproduced above, the claims it makes are completely false. The virus does not encrypt the files at all; it simply deletes them.
Though this might sound bad, in a way, this is a blessing in disguise, as far as ransomware attacks go. Decrypting the files after such an attack without paying the hacker generally involves attempting to restore the original files in some way and not genuine decryption. It is possible to remove The Wise Guys ransomware, and restore at least some of your files; the guide below will explain how. And you will not waste your money knowing that there’s no possibility of decryption.

How to Remove The Wise Guys Ransomware

If you have working backups of your encrypted files or you are not going to try and recover lost files, then scan your computer with one or several antivirus and anti-malware programs or reinstall the operating system altogether.

SpyHunter is a powerful anti-malware solution that protects you against malware, spyware, ransomware and other types of Internet threats. SpyHunter is available for Windows and macOS devices. It will help you remove The Wise Guys ransomware and will keep your computer secure from future threats.


Alternative antiviruses:
Malwarebytes (Windows)

How to Recover Files Encrypted by The Wise Guys Ransomware

Ways to recover encrypted files:

  1. Restore from backup. If you make regular backups to a separate device and check from time to time that those are in working order and files can be successfully restored – well, you probably won’t have any problems getting back your files. Just scan your computer with a couple of AVs and anti-malware programs or reinstall the operating system, and then restore from backup.
  2. Recover some files from cloud storage (DropBox, Google Drive, OneDrive, etc.) if you have one connected. Even if encrypted files were already synced to the cloud, a lot of cloud services keep old versions of altered files for some time (usually 30 days).
  3. Recover Shadow Volume Copies of your files if those are available – ransomware usually tries to delete them too. Volume Shadow Copy Service (VSS) is a Windows technology that periodically creates snapshots of your files and allows you to roll back changes made on those files or recover deleted files. VSS is enabled together with System Restore: it’s turned on by default on Windows XP to Windows 8 and disabled by default on Windows 10.
  4. Use file recovery software. This probably won’t work for Solid State Drives (SSD – a newer, faster and more expensive type of data-storage device) but is worth a try if you store your data on a Hard Disk Drive (HDD – an older type of storage device which generally has more capacity). When you delete a file from your computer – and I mean completely delete: use Shift + Del or empty the Recycle Bin – on an SSD, it gets wiped from the drive right away. On an HDD, however, it is only marked as deleted, and the space it occupies is marked as available for writing, but the data is still there and is usually recoverable by special software. However, the more you use the computer, especially if you do something that writes new data to the hard drive, the greater the chance that your deleted file gets overwritten and is gone for good. That is why in this guide we will try to recover deleted files (as you remember, ransomware creates an encrypted copy of a file and deletes the original file) without installing anything on the disk. Just know that this still might not be enough to successfully recover your files – after all, when ransomware creates encrypted files it writes new information to the disk, possibly on top of the files it just deleted. This depends on how much free space there is on your hard drive: the more free space, the less chance that new data will overwrite the old data.
  5. Going further, we need to 1) stop ransomware from encrypting files that we recover, if malware is still active; 2) try not to overwrite files deleted by ransomware. The best way to do this is to disconnect your hard drive and connect it to another computer. You will be able to browse all your folders, scan them with antivirus programs, use file recovery software or restore data from Shadow Volume Copies. It is better, though, to download all the tools you’ll need beforehand and disconnect the computer from the Internet before connecting the infected hard drive, just to be safe.
    Disadvantages of this method:

    • This might void your warranty.
    • It’s harder to do with laptops, and you’ll need a special case (disk enclosure) to put a hard drive in before connecting it to another machine.
    • It is possible to infect the other computer if you open a file from the infected drive before scanning the drive with AVs and removing all found malware; or if all AVs fail to find and delete the malware.

    Another, easier, way is to load into Safe Mode and do all file recovery measures from there. However, that will mean using the hard drive and potentially overwriting some data. In this case it’s preferable to use only portable versions of recovery software (the ones that don’t require installation), download them onto an external device, and save any recovered files onto an external device too (external hard drive, thumb drive, CD, DVD, etc.).

    Boot Into Safe Mode:

    Windows XP, Windows Vista, Windows 7:

    1. Restart the computer.
    2. Once you see a boot screen tap F8 key continuously until a list of options appears.
    3. Using arrow keys, select Safe Mode with Networking.
    4. Press Enter.

    Windows 8, Windows 8.1, Windows 10:

    1. Hold down the Windows key and hit the X key.
    2. Select Shut down or sign out.
    3. Press Shift key and click on Restart.
    4. When asked to choose an option, click on Advanced options => Startup Settings.
    5. Click Restart in the bottom right corner.
    6. After Windows reboots and offers you a list of options, press F5 to select Enable Safe Mode with Networking.

    Back up Your Encrypted Files

    It is always advisable to create a copy of the encrypted files and put it away. That might help you if a free ransomware decryptor becomes available in the future, or if you decide to pay and get the decryptor but something goes wrong and files get irreparably damaged in the process of decryption.

    Use File Recovery Tools to Recover Files

    Stellar Windows Data Recovery Professional is an easy to use Windows data recovery software to get back lost documents, emails, photos, videos & many more from HDD, USB, Memory Card, etc.


    R-Undelete

    Recover Encrypted Files From Shadow Copies.

    The easiest way to access Shadow Volume Copies is by using a free tool called Shadow Explorer. Just download the latest version and install it (or download the portable version).

    1. Launch Shadow Explorer.
    2. On the top left part of the window you can select a disk (C:\, D:\, etc.) and a date when a snapshot of files was taken.
    3. To recover a file or a folder, right-click on it and select ‘Export’.
    4. Choose where you want to put the files.
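
Before installing anything, you can check from an elevated PowerShell prompt whether any snapshots survived and browse the newest one read-only. This is an added example, not part of the original guide; the link path `C:\ShadowMount` and the destination `E:\Recovered` are hypothetical placeholders, and the script assumes the affected volume is `C:`.

```powershell
# Added example: list surviving Volume Shadow Copies for one drive and
# expose the newest snapshot as a read-only folder. Run as Administrator.
$drive     = 'C:'              # assumption: the affected volume
$mountLink = 'C:\ShadowMount'  # hypothetical, must not already exist

# Win32_ShadowCopy identifies volumes by GUID path, so translate the drive letter.
$volumeId = (Get-CimInstance Win32_Volume -Filter "DriveLetter = '$drive'").DeviceID

$snapshots = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object InstallDate -Descending

if (-not $snapshots) {
    # Expected outcome if the malware (or Windows defaults) left no snapshots.
    Write-Warning "No shadow copies found for $drive. Use backups or file recovery software instead."
    return
}

# Show what is available: creation time, snapshot ID and device path.
$snapshots | Format-Table InstallDate, ID, DeviceObject -AutoSize

# Link the newest snapshot into the file system. The trailing backslash
# after the device path is required, otherwise the link cannot be opened.
if (Test-Path $mountLink) { throw "$mountLink already exists; choose another path." }
$latest = $snapshots | Select-Object -First 1
cmd /c mklink /d $mountLink "$($latest.DeviceObject)\"

# Copy what you need to an EXTERNAL drive so nothing is written to the
# affected disk (hypothetical paths):
#   Copy-Item "$mountLink\Users\<name>\Documents" -Destination 'E:\Recovered' -Recurse
#
# When finished, remove only the link; the snapshot itself is untouched:
#   cmd /c rmdir $mountLink
```

If the script reports no shadow copies, the snapshots were either never enabled or have been deleted, and Shadow Explorer will show nothing for that drive either.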

    How to Prevent A Ransomware Infection In the Future

    Attachments in spam emails are one of the most common ways ransomware ends up on users’ computers. MailWasher filters spam and lets you preview emails on a server without downloading them onto your computer. MailWasher has customizable spam filters, uses bayesian filtering and works with all major email programs: Outlook, Outlook Express, Thunderbird, GMail, etc.


    Remove The Wise Guys Ransomware

    Now that you have recovered your files, or at least stored the still-encrypted files on an external device, it is time to scan your computer with AV and anti-malware software or, better yet, reinstall the operating system, to fully remove The Wise Guys ransomware and get rid of any possible traces. Remember to also scan your external device before putting files back on your computer!

