FANDOM


Wesker is a ransomware that runs on Microsoft Windows. It does not add any appendix to blocked data.

Payloads

When Wesker blocks particular files on the PC or the whole system, it is important to stop further penetration and heal the infected items if that is still possible. 

There is a big variety of documents and files that can be touched and blocked by Wesker ransomware. These components include Microsoft Word documents, Excel data, PowerPoint presentations, audio and video files, archives, etc. Once the data is locked, users are provided with this type of ransom-demanding message:

the Hello, dear friend Eツ  
the All your work and personal files is have Been encrypted by the 
the W R. The Esker ENCRYPTE 
Your files is damaged are the NOT, for They are modified only. They can be decrypted. 
How to decrypt files? 
You have to buy special software – “Wesker Decryptor”. 
The method of payment of the decryptor 
For this: 
[1] Download Tor-browser (https://www.torproject.org/download/download-easy.html
[2] Install and run it 
[3] Open the website in the Tor-browser “: Http://wesker7b27uikjn3.onion/index.php?6b1AAdbb9d737C529783cf7eec9703dA
[4] Follow the further instructions. 
IMPORTANT: 
* Do not try to reinstall the OS, restore and decrypt the files yourself. All attempts will be unsuccessful. 
** You can get the decryptor ONLY on the specified link. 
*** If you don’t have the ability to use the Tor-browser, use the Telegram to get the actual list of web mirrors: https://t.me/tor2web_wesker  
_________________________________________________ 
— BEGIN WESKER KEY– – 
3EfCC66625B0B3C77Ed0d1135BE86B00zf79Fme9lOEqwb 5VXmSPV95FnuZZHY0 + + PWnldmJ 
*** Bei CMkTFlvFj8Nw4 + 
— the END Wesker the KEY — 
— — the BEGIN the PC the DATA 
dC504376F3a09e99a8e60C951ad9baab3u + RqddfDoA8khQ7kuYavaKvTE *** 2Q6PUa0lCm9 / a 
— the END the PC the DATA —
_________________________________________________

Wesker might include a big variety of damaging features that might not be recognized from the first view. However, these threats can not only encrypt targeted files but they also might inject other infections such as trojans or spyware into the computer system. This will just harden the elimination process.