FANDOM


WannaSmile is a ransomware that runs on Microsoft Windows.

Payload

Immediately after infiltration, WannaSmile encrypts most stored data and adds the ".WSmile" extension to each filename. For instance, "sample.jpg" is renamed to "sample.jpg.WSmile". From this point, the file becomes unusable.

Once files are encrypted, WannaSmile creates a "How to decrypt files.html" file and places it on the desktop. This file contains a ransom-demand message.

Community content is available under CC-BY-SA unless otherwise noted.