SanwaiWARE ransomware is an encryption virus which can lock all of your documents and files once it enters on your PC. SanwaiWARE ransomware comes inside your PC by trick. Its programmer will send you an email with the title about monetary certificate or bank bills. If you open the attachments on this email, ransomware will be activated immediately. Then SanwaiWARE ransomware uses malicious extension to lock your files, then if you want to restore files, you are required to purchase the decryption key. It can infect the follow file types so far:
.jar, .java, .jnt, .jpe, .jpeg, .jpg, .js, .json, .k2p,.kc2, .kdbx, .kdc, .key, .kpdx, .kwm, .laccdb, .lbf, .lck, .ldf, .lit, .litemod, .litesql, .lock, .log, .ltx, .lua, .m, .m2ts, .m3u, .m4ts, .m4p, .m4v, .ma, .mab, .mapimail, .max, .mbx, .md, .mdb, .mdc, .mdf, .mef, .mfw , .mid, .mkv, .mlb, .mmw, .mny, .money, .moneywell, .mos, .mov, .mp3, .mp4, .mpeg, .mpg, .mrw, .msf, .msg,.myd, .nd, .ndd, .ndf, .nef, .nk2, .nop, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nvram, .nwb, .nx2, .nxl, .nyf, .oab, .obj, .odb, .odc, .odf, .odg, .odm, .odp, .ods, .odt, .ogg, .oil, .omg, .one , .orf,.ost, .otg, .oth, .otp, .ots, .ott,.1cd, .3dm, .3ds, .3fr, .3g2, .3gp, .3pr, .7z, .7zip, .aac, .ab4, .abd, .acc, .accdb, .accde, .accdr, .accdt, .ach, .acr, .act, .adb, .adp, .ads, .agdl, .ai, .aiff, .ait, .al, .aoi, .apj, .apk, .arw, .ascx, .asf , .asm, .asp, .aspx, .asset, .asx, .atb, .avi, .awg, .back, .backup, .backupdb, .bak, .bank, .bay, .bdb, .bgt,.bik, .bin, .bkp, .blend, .bmp, .bpw, .bsa, .c, .cash, .cdb, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfg, .cfn, .cgm, .cib, .class, .cls, .cmt, .config, .contact, .cpi, .cpp, .cr2, .craw , .crt, .crw, .cry, .cs, .csh, .csl, .css, .csv, .d3dbsp, .dac, .das, .dat, .db, .db_journal, .db3, .dbf,. dbx, .dc2, .dcr, .dcs, .ddd, .ddoc, .ddrw, .dds, .def, .der, .des, .design, .dgc, .dgn, .dit, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dtd, .dwg, .dxb, .dxf, .dxg, .edb, .eml, .eps,.erbsql,.erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fla, .flac, .flb, .flf, .flv, .flvv, .forge, .fpx, .fxg, .gbr, .gho, .gif, .gray, .grey, .groups, .gry, .h, .hbk, .hdd, .hpp, .html, .ibank, .ibd, .ibz, .idx, .iif , .p12, .p7b, .p7c, .pab, .pages, .pas, .pat, .pbf, .pcd, .pct, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .php, .pif, .pl, .plc, .plus_muhd, .pm !, .pm, .pmi, .pmj, .pml, .pmm,.pmo, .pmr, .pnc, .pnd, .png, .pnx, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .private, .ps, .psafe3, .psd, .pspimage, .pst, .ptx, .pub, .pwm, .py, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby , .qcow, .qcow2, .qed, .qtb, .r3d, .raf, .rar, .rat, .raw, .rdb, .re4, .rm, .rtf, .rvt, .rw2, .rwl,. .sd, .s3db, .safe, .sas7bdat, .sav, .save, .say, .sd0, .sda, .sdb, .sdf, .sh, .sldm, .sldx, .slm, .sql, .sqlite, .sqlite3, .sqlitedb, .sqlite-shm, .sqlite-wal, .sr2, .srb, .srf, .srs, .srt, .srw, .st4, .st5, .st6, .st7, .st8,.stc, .std, .sti, .stl, .stm, .stw, .stx, .svg, .swf, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .tax, .tbb, .tbk,.tbn, .tex, .tga, .thm, .tif, .tiff, .tlg, .tlx, .txt, .upk, .usr
If your files are encrypted by SanwaiWARE ransomware, do not buy decryption key from the hacker, who are cyber criminals should not be trusted. Many victims of similar ransomware were scammed by these hackers. You may not get the useful decryption key even though you pay lots of money. To avoid the risk, do not trust them. You should delete SanwaiWARE ransomware first and then try reliable decryption software from legitimate tech company.
Step 1 – Uninstall malicious programs from Control Panel.
Ransomware may infect your system after you install some malicious programs. To avoid being re-infected, first you should uninstall malicious programs from your computer:
- 1. Press “Windows key + R key” together to open Run window
- 2. Input “control panel” in Run window and hit Enter key to open Control Panel
- 3. Click Uninstall a program:
- 4. Right-click programs which may be related with SanwaiWARE ransomware and click Uninstall:
Step 2 Find and remove malicious registry entries of SanwaiWARE ransomware or malicious program.
Note – In case any suspicious files, unwanted program, unwanted browser extension, or unwanted search engine cannot be removed manually, it is often caused by malicious program, which may adds files to registry or make changes in registry . Therefore, to uninstall such stubborn items, you need to find and remove malicious files in the Registry Editor. Check the steps below:
1. Press “Windows key + R key” together to open Run window;
2. Input “regedit” in Run window and hit Enter key to open Registry;
3. Click Edit menu and select Find >> Type virus’s name into it and click Find Next >> Right click on the files and click Delete (Only If you can determine that they are related with malware):
Step 3 Restoring the files encrypted by SanwaiWARE ransomware.
Do not pay any money to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your files.
The right way to recover your files is to count on legitimate decryption tools. Here are websites of popular cybersecurity community, you can try the decryption tools shared on their sites:
EmsiSoft Decryptor (Free)
EmsiSoft is working on developing free decryptor for the newest ransomware. Currently it provide user with over 40 free and useful decryptors. Please visit https://decrypter.emsisoft.com/ to find and download the decrypter you need.
3. Trend Micro Decryptor (Free)
Trend Micro Ransomware File Decryptor tool is able to decrypt certain type of ransomware. Visit the download page here to follow its instructions to download and use the decryotor for free.
4. Avast Free Ransomware Decryption Tools
Avast free ransomware decryption tools can help decrypt files encrypted by the many types of ransomware. Go to this Avast page and download the decyptors for the latest ransomware.
5. Kaspersky Free Ransomware Decryptors
Kaspersky russian lab now provides many free decryptors. Visit Kaspersky page here and have a try .
6. NoMoreRansom Decryptors
The No More Ransom Project provides free decryption tools for lots of ransomware. Have a try on these tools at this page: https://www.nomoreransom.org/en/decryption-tools.html