Wannapeace Ransomware


A highly advanced form of malware has recently been spreading on the web and infecting unsuspecting online users. The name of the ranger is Wannapeace – a Ransomware cryptovirus, capable of encrypting the victims’ files with complex cryptography and blackmailing them to pay ransom.

Wannapeace Ransomware

The Wannapeace Ransomware Lockscreen

The criminals, who stand behind the infection usually hold a special decryption key, which they offer after the encryption has taken place. If Wannapeace has already made it inside your system and you are now being ruthlessly blackmailed for the access of your own data, on this page, you will learn some useful facts about this type of malware and the possible methods to fight against it.  For those users, who don’t want to pay ransom to the hackers, we have assembled a free removal guide, where you can find instructions for both – deleting the Ransomware and restoring some of your encrypted data. Due to the sophisticated level of this cryptovirus, however, no security expert can provide you with a 100% of recovery method. That’s why we cannot promise you a miraculous recovery from the attack of Wannapeace Rasnomware. Still, we believe that trying out every alternative is preferable than giving your money to some anonymous cyber criminals, which may never send you a decryption key. For this reason, we encourage you to read the next lines and give a try to the removal guide below.

The Wannapeace Ransomware

In the case of an attack with a ransomware like Wannapeace, the targeted files are not damaged, they simply get locked by an encryption code, but they remain on the system. This way of causing harm is a bit challenging for the conventional antivirus programs to recognize, that’s why, more often than not, the Wannapeace Ransomware infection can remain under the radar until a ransom message appears on the victims’ screen.

Ransomware viruses are some of the trickiest and sneakiest forms of malware. They can invade your computer without any visible symptoms, and detecting them before they have applied their encryption is almost impossible. The reason is, most antivirus tools are often unable to recognize the encryption process that the virus runs as malicious. Therefore, they leave it to finish without interrupting it or notifying you. In fact, the traditional virus definitions are programmed to spot processes, which corrupt, delete or damage the computer system and its data.

Why is it advisable to avoid the ransom payment and seek alternatives?

When dealing with cyber criminals, you can never be sure of their actions. Even if you strictly fulfill all the requirements they have in the ransom note, there is no guarantee that they will send you a decryption key. There is also no guarantee that this decryption key will work. The only sure thing is that you will be giving your money to some anonymous hackers, who will continue to trouble you and other online users with their blackmail scheme. Unfortunately, since the ransom payments are usually requested in cryptocurrency (such as Bitcoins) you cannot expect that the criminals will be traced and your money will be retrieved. Such payments are virtually untraceable and help the hackers to remain undetected by the authorities, so they may never get caught and you may never get compensated. With all this in mind, our “How to remove” team, as well as other leading security experts, will always encourage the victims of Ransomware to seek for alternatives and to avoid the ransom payment. One of the options is the guide below, which can help you remove Wannapeace from your system. Additionally, you may be able to get some of your files back without paying ransom by trying out the file-restoration instructions we have included in it.

Ways to protect your PC from Ransomware:

Compared to other malicious threats, the chances of successfully dealing with a Ransomware attack and its consequences are much lower. That’s why it is better to avoid contamination than trying to recover from a sophisticated file encryption. If you want to protect your machine from future Ransomware infections such as Wannapeace, it is very important to remember and apply the security tips that we will give you here. As a beginning, you should always use your common sense when browsing the web and avoid any suspicious link, ad, message or sketchy content. Landing on shady sites and installing unreliable software is also a potential way of catching Ransomware. For your safety, do not neglect the importance of having reputed antivirus software, which is able to detect malicious encryption processes or potential malware transmitters such as Trojans and other well-camouflaged infections. And last, but not least, backing up your files regularly and keeping them safe on an external device can help you restore them anytime, even if Ransomware attacks you. That’s why it is a good idea to create copies of your most important data and store it safely to prevent falling victim of a nasty data blackmail scheme.


Name Wannapeace
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool [banner_table_recovery]
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Remove Wannapeace Ransomware

Wannapeace Ransomware

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Wannapeace Ransomware


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

Wannapeace Ransomware

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Wannapeace Ransomware
Drag and Drop File Here To Scan
Wannapeace Ransomware
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

    Wannapeace Ransomware

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    Wannapeace Ransomware

    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit enter. A window will pop-up:

    Wannapeace Ransomware

    Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

    Wannapeace Ransomware

    Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

    Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!

    Wannapeace Ransomware 

    How to Decrypt Wannapeace files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment