Wannapeace Ransomware Removal (+File Recovery) Dec. 2017 Update

This page aims to help you remove Wannapeace Ransomware for free. Our instructions also cover how any Wannapeace file can be recovered.

A highly advanced form of malware has recently been spreading on the web and infecting unsuspecting online users. The name of the ranger is Wannapeace – a Ransomware cryptovirus, capable of encrypting the victims’ files with complex cryptography and blackmailing them to pay ransom. The criminals, who stand behind the infection usually hold a special decryption key, which they offer after the encryption has taken place. If Wannapeace has already made it inside your system and you are now being ruthlessly blackmailed for the access of your own data, on this page, you will learn some useful facts about this type of malware and the possible methods to fight against it.  For those users, who don’t want to pay ransom to the hackers, we have assembled a free removal guide, where you can find instructions for both – deleting the Ransomware and restoring some of your encrypted data. Due to the sophisticated level of this cryptovirus, however, no security expert can provide you with a 100% of recovery method. That’s why we cannot promise you a miraculous recovery from the attack of Wannapeace Rasnomware. Still, we believe that trying out every alternative is preferable than giving your money to some anonymous cyber criminals, which may never send you a decryption key. For this reason, we encourage you to read the next lines and give a try to the removal guide below.

 Wannapeace Ransomware – a threat that is very difficult to detect!

Ransomware viruses are some of the trickiest and sneakiest forms of malware. They can invade your computer without any visible symptoms, and detecting them before they have applied their encryption is almost impossible. The reason is, most antivirus tools are often unable to recognize the encryption process that the virus runs as malicious. Therefore, they leave it to finish without interrupting it or notifying you. In fact, the traditional virus definitions are programmed to spot processes, which corrupt, delete or damage the computer system and its data. In the case of an attack with a cryptovirus like Wannapeace, the targeted files are not damaged, they simply get locked by an encryption code, but they remain on the system. This way of causing harm is a bit challenging for the conventional antivirus programs to recognize, that’s why, more often than not, the Ransomware infection can remain under the radar until a ransom message appears on the victims’ screen.

Wannapeace Ransomware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Wannapeace files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Why is it advisable to avoid the ransom payment and seek alternatives?

When dealing with cyber criminals, you can never be sure of their actions. Even if you strictly fulfill all the requirements they have in the ransom note, there is no guarantee that they will send you a decryption key. There is also no guarantee that this decryption key will work. The only sure thing is that you will be giving your money to some anonymous hackers, who will continue to trouble you and other online users with their blackmail scheme. Unfortunately, since the ransom payments are usually requested in cryptocurrency (such as Bitcoins) you cannot expect that the criminals will be traced and your money will be retrieved. Such payments are virtually untraceable and help the hackers to remain undetected by the authorities, so they may never get caught and you may never get compensated. With all this in mind, our “How to remove” team, as well as other leading security experts, will always encourage the victims of Ransomware to seek for alternatives and to avoid the ransom payment. One of the options is the guide below, which can help you remove Wannapeace from your system. Additionally, you may be able to get some of your files back without paying ransom by trying out the file-restoration instructions we have included in it.

Ways to protect your PC from Ransomware:

Compared to other malicious threats, the chances of successfully dealing with a Ransomware attack and its consequences are much lower. That’s why it is better to avoid contamination than trying to recover from a sophisticated file encryption. If you want to protect your machine from future Ransomware infections such as Wannapeace, it is very important to remember and apply the security tips that we will give you here. As a beginning, you should always use your common sense when browsing the web and avoid any suspicious link, ad, message or sketchy content. Landing on shady sites and installing unreliable software is also a potential way of catching Ransomware. For your safety, do not neglect the importance of having reputed antivirus software, which is able to detect malicious encryption processes or potential malware transmitters such as Trojans and other well-camouflaged infections. And last, but not least, backing up your files regularly and keeping them safe on an external device can help you restore them anytime, even if Ransomware attacks you. That’s why it is a good idea to create copies of your most important data and store it safely to prevent falling victim of a nasty data blackmail scheme.


Name Wannapeace
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Leave a Comment