Experienced security professionals have discovered a new ransomware variant known as the .DATAWAIT file extension ransomware. It appends the .DATAWAIT extension to the names of the files it encrypts. This article explains what you need to know about the virus, how to remove the .DATAWAIT file extension ransomware from your machine, and how to restore all encrypted personal files for free.
The DataWait ransomware virus uses very strong hybrid encryption with a large key. It encrypts almost all types of files, including common ones such as:
.psk, .icxs, .webdoc, .pdd, .xbplate, .fpk, .1st, .y, .eps, .odt, .png, .pst, .wp5, .pfx, .ptx, .cr2, .wmv, .yal, .epk, .bsa, .crt, .dbf, .wpd, .cdr, .forge, .csv, .zip, .hkx, .xlsx, .yml, .sum, .odb, .rgss3a, .mdb, .rim, .mdbackup, .wps, .wmv, .ff, .wri, .accdb, .wma, .upk, .iwi, .docm, .wgz, .xx, .kf, .xxx, .3fr, .der, .p7b, .pkpass, .wire, .ai, .wotreplay, .wpe, .wdp, .orf, .slm, .wp7, .mrwref, .litemod, .doc, .ncf, .wmf, .zip, .sie, .wpl, .wcf, .vcf, .w3x, .m2, .zw, .t13, .wps, .dcr, .odc, .crw, .vpk, .x3d, .zif, .indd, .xlsx, .m3u, .css, .avi, .x, .esm, .wm, .wbm, .fsh, .wpb, .xyw, .xlk, .vtf, .0, .bkf, .srw, .3dm, .xlsm, .mef, .ppt, .jpg, .mddata, .sis, .wn, .mov, .pef, .psd, .xpm, .zdc, .wpd, .txt, .p12, .raw, .tax, .sb, .odm, .r3d, .rwl, .das, .z, .itm, .xdb, .xwp, .m4a, .sav, .hplg, .bik, .rb, .hkdb, .wsc, .flv, .bkp, .bc7, .nrw, .re4, .pem, .menu, .zabw, .xy3, .big, .pak, .odp, .mdf, .rtf, .lrf, .rar, .pptm, .xdl, .arch00, .xbdoc, .sid, .wsd, .cer, .xld, .xls, .ybk, .syncdb, .qic, .dmp, .asset, .sidd, .wsh, .wp, .xll, .wpw, .mcmeta, .rw2, .sidn, .xmind, .erf, .wpt, .p7c, .dng, .ltx, .d3dbsp, .svg, .bar, .x3f, .x3f, .rofl, .xlsm, .dba, .3ds, .ysp, .cas, .wbk, .xar, .wpa, .blob, .ods, .xyp, .layout, .snx, .py, .wav, .mp4, wallet, .sql, .wp4, .wpg, .xf, .1, .pptx, .wma, .kdc, .gho, .dazip, .2bp, .lbf, .jpeg, .wbz, .xlgc, .wbmp, .t12, .xmmap, .jpe, .ztmp, .gdb, .srf, .xml, .wdb, .arw, .ws, .vdf, .wmo, .sr2, .wbd, .z3d, .xls, .itdb, .hvpl, .xlsb, .wp6, .docx, .desc, .ntl, .bay, .raf, .wot, .wmd, .iwd, .pdf, .zdb, .vfs0, .apk, .fos, .map, .zi, .mpqge, .tor, .cfr, .ibank, .7z, .itl, .js, .lvl, .wb2, .kdb, .db0, .qdf, .wbc, .mlx, .vpp_pc, .bc6, .dwg
Once the encryption process is finished, it drops a ransom note named “!readme.txt” that offers to decrypt all of the user's documents, photos and music if a payment is made. One variant of the ransom note is shown below:
!ATTENTION PLEASE!
Your databases, files, photos, documents and other important files are encrypted and have the extension: .DATAWAIT
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by e-mail BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a 1-3 any not very big encrypted files and we will send you back it in a original form FREE.
Discount 50% avaliable if you contact us first 72 hours.
E-mail address to contact us:
BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch
Reserve e-mail address to contact us:
savefiles@india.com
Your personal id:
The DataWait ransomware pushes victims to pay in Bitcoin for a key to decrypt their personal files. It is important to know that it is currently not possible to decrypt .DATAWAIT files without the private key and the decryption program. If you choose to pay the ransom, there is no 100% guarantee that you will be able to decrypt all your personal files! If you do not want to pay for a decryption key, you still have a chance to restore .DATAWAIT files for free.
The instructions below will allow you to remove the DataWait ransomware virus and recover encrypted files stored on your computer's drives.
Table of contents
- How to decrypt .DATAWAIT files
- How to remove DataWait ransomware
- How to restore .DATAWAIT files
- How to protect your PC from .DATAWAIT file extension ransomware?
How to decrypt .DATAWAIT files
Currently there is no available way to decrypt .DATAWAIT files, but you have a chance to restore encrypted documents, photos and music for free. The .DATAWAIT file extension ransomware repeatedly tells the victim that it uses a hybrid encryption mode. This means that decrypting the files is impossible without the private key. Brute forcing the key is not a solution either, because of its length. Therefore, unfortunately, paying the developers of the DataWait ransomware the entire amount requested is the only way to try to get the decryption key and decrypt all your files.
There is absolutely no guarantee that, after you pay a ransom to the creators of the .DATAWAIT file extension ransomware, they will provide the key needed to decrypt your files. In addition, you must understand that by paying money to cyber criminals you are encouraging them to create new viruses.
How to remove DataWait ransomware
The following instructions will help you remove the DataWait ransomware virus and other malicious software. Before you begin, be aware that by deleting the ransomware you may lose the ability to decrypt documents, photos and music by paying the ransomware authors the requested ransom. Zemana Anti-malware, Kaspersky virus removal tool and Malwarebytes Anti-malware can detect different types of active ransomware infections and easily delete them from your PC, but they cannot recover encrypted documents, photos and music.
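To see how much was hit before running any removal tool, the read-only walk below lists every file carrying the .DATAWAIT extension and every !readme.txt note under a folder, grouped by original file type. It is an added example, not part of the original guide; the function names and the sample folder tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".datawait"  # extension the article says is appended
NOTE_NAME = "!readme.txt"       # ransom note name given in the article


def inventory(root):
    """Read-only walk of root: encrypted files, ransom notes, original types."""
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # "report.docx.DATAWAIT" -> original type ".docx"
                original = Path(name[: -len(ENCRYPTED_SUFFIX)])
                by_type[original.suffix.lower() or "(none)"] += 1
    # Directories that still contain encrypted files
    hit_dirs = sorted({p.parent for p in encrypted})
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "by_type": by_type, "dirs": hit_dirs}


def demo():
    """Build a small constructed tree (not real victim data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Documents").mkdir()
        (root / "Pictures").mkdir()
        (root / "Documents" / "report.docx.DATAWAIT").write_bytes(b"\x00")
        (root / "Documents" / "budget.xlsx.DATAWAIT").write_bytes(b"\x00")
        (root / "Documents" / "!readme.txt").write_text("constructed note")
        (root / "Pictures" / "cat.JPG.datawait").write_bytes(b"\x00")
        (root / "Pictures" / "untouched.png").write_bytes(b"\x00")
        result = inventory(root)
        return (len(result["encrypted"]), len(result["notes"]),
                dict(result["by_type"]), [d.name for d in result["dirs"]])


if __name__ == "__main__":
    print(demo())
```

Point `inventory()` at a user profile or data drive and keep the result; it shows which folders to target in the restore steps later in the guide.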
Use Zemana Anti-malware to remove .DATAWAIT file extension ransomware
Zemana Anti-malware is a utility which can remove ransomware infections, adware, PUPs, hijackers and other malicious software from your machine easily and for free. Zemana Anti-malware is compatible with most antivirus software. It works under Windows (10 – XP, 32 and 64 bit) and uses a minimum of machine resources.
Installing Zemana Anti-Malware (ZAM) is simple. First, download Zemana Anti-Malware to your MS Windows Desktop by clicking on the link below.
After downloading is finished, close all programs and windows on your personal computer. Double-click the setup file called Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as shown in the following example, click the “Yes” button.
It will open the “Setup wizard” which will help you set up Zemana Free on your PC. Follow the prompts and don’t make any changes to default settings.
Once the installation completes successfully, Zemana Anti-Malware will start automatically and you will see its main screen, as shown on the image below.
Now click the “Scan” button to search for the .DATAWAIT file extension ransomware and other security threats. This process may take some time, so please be patient.
When Zemana Anti Malware (ZAM) has completed scanning your system, Zemana Free will show a list of all threats detected by the scan. When you are ready, click the “Next” button. Zemana will remove the files, folders and registry keys related to the DataWait ransomware virus and add the items to the Quarantine. When that process is finished, you may be prompted to restart the computer.
Run MalwareBytes Anti Malware to remove DataWait ransomware
Removing the .DATAWAIT file extension ransomware manually is difficult, and often the virus is not completely removed. Therefore, we recommend using MalwareBytes AntiMalware (MBAM), which will fully clean your PC system. Moreover, this free program will let you get rid of malware, potentially unwanted software, toolbars and ad-supported software that may also have infected your PC system.
Download MalwareBytes Anti Malware (MBAM) on your machine by clicking on the following link.
When downloading is complete, close all programs and windows on your personal computer. Open the directory in which you saved it. Double-click on the icon that’s named mb3-setup as displayed in the following example.
When the install begins, you’ll see the “Setup wizard” that will help you install Malwarebytes on your personal computer.
Once installation is finished, you’ll see a window as displayed in the following example.
Now press the “Scan Now” button to perform a system scan for the DataWait ransomware virus and other security threats. A scan may take anywhere from 10 to 30 minutes, depending on the number of files on your computer and the speed of your PC system. When malicious software, adware or PUPs are found, the count of security threats will change accordingly. Wait until the scan is complete.
Once MalwareBytes AntiMalware has finished scanning, MalwareBytes will create a list of unwanted programs and adware. To delete all items, simply click the “Quarantine Selected” button.
Malwarebytes will now start removing the DataWait ransomware virus and other security threats. When it has finished, you may be prompted to restart your computer.
Remove DataWait ransomware from computer with KVRT
KVRT is a free removal tool that can be downloaded and run to remove ransomware viruses, adware, malicious software, potentially unwanted applications, toolbars and other threats from your system. You may run this utility to look for threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool (KVRT) on your PC system from the following link.
Once the downloading process is finished, double-click on the KVRT icon. Once the initialization procedure is done, you’ll see the KVRT screen as on the image below.
Click Change Parameters and tick the checkbox next to each of your drives. Click OK to close the Parameters window. Next, click the Start scan button to perform a system scan for the .DATAWAIT file extension ransomware. This task can take quite a while, so please be patient. When malware, ad-supported software or potentially unwanted programs are detected, the count of security threats will change accordingly.
When the scan is done, Kaspersky virus removal tool will open a list of all threats found by the scan as displayed in the following example.
Review the results once the tool has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click on Continue to start a cleaning process.
How to restore .DATAWAIT files
In some cases, you can restore files encrypted by the .DATAWAIT file extension ransomware. Try all the methods listed below. It is important to understand that we cannot guarantee that you will be able to restore all encrypted personal files.
Restore .DATAWAIT encrypted files using Shadow Explorer
A free tool named ShadowExplorer is a simple way to use the ‘Previous Versions’ feature of Microsoft Windows 10 (8, 7, Vista). You can recover .DATAWAIT files encrypted by the DataWait ransomware virus from Shadow Copies for free.
Click the following link to download ShadowExplorer. Save it on your Windows desktop.
After the download is complete, extract the downloaded file to a directory on your machine. This will create the necessary files as shown on the image below.
Run the ShadowExplorerPortable program. Now choose the date (2) that you want to restore from and the drive (1) you wish to recover files (folders) from as on the image below.
In the right panel, navigate to the file (folder) you want to recover. Right-click the file or folder and press the Export button as shown in the figure below.
Finally, specify a folder (your Desktop) in which to save the shadow copy of the encrypted file and click the ‘OK’ button.
Use PhotoRec to recover .DATAWAIT files
Before a file is encrypted, the DataWait ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your photos, documents and music using file recovery apps like PhotoRec.
Download PhotoRec from the following link.
Once downloading is finished, open the directory in which you saved it. Right-click testdisk-7.0.win and choose Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as shown in the following example.
Double click on qphotorec_win to run PhotoRec for Windows. It’ll display a screen as on the image below.
Choose a drive to recover as shown below.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as displayed in the following example.
Click the File Formats button and specify the file types to restore. You can enable or disable the restore of certain file types. When this is complete, press the OK button.
Next, click the Browse button to select where recovered photos, documents and music should be written, then click Search.
The count of recovered files is updated in real time. All recovered files are written to the folder that you chose in the previous step. You can access the files even if the restore process is not finished.
When the recovery is finished, press the Quit button. Next, open the directory where the recovered documents, photos and music are stored. You will see contents as shown in the following example.
All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, you can sort your restored files by extension and/or date/time.
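Sorting by hand gets slow once PhotoRec has produced thousands of files, so the script below groups everything under the recup_dir.N folders by extension and orders each group newest first. It is an added example, not part of the original guide or of PhotoRec; the function names, the `wanted` and `min_size` parameters and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

RECUP_DIR = re.compile(r"^recup_dir\.\d+$")  # PhotoRec's output folder naming


def index_recovered(output_dir, wanted=None, min_size=1):
    """Group files in recup_dir.N folders by extension, newest first.

    wanted   -- optional set of lower-case extensions, e.g. {".jpg", ".docx"}
    min_size -- skip files smaller than this many bytes (empty carve results)
    """
    groups = {}
    for sub in Path(output_dir).iterdir():
        if not (sub.is_dir() and RECUP_DIR.match(sub.name)):
            continue  # ignore anything PhotoRec did not create
        for f in sub.iterdir():
            if not f.is_file():
                continue
            ext = f.suffix.lower() or "(none)"
            info = f.stat()
            if info.st_size < min_size or (wanted and ext not in wanted):
                continue
            groups.setdefault(ext, []).append((f, info.st_size, info.st_mtime))
    for files in groups.values():
        files.sort(key=lambda item: item[2], reverse=True)  # newest first
    return groups


def demo():
    """Constructed PhotoRec-style output (not real recovered data)."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp)
        samples = [("recup_dir.1", "f0000100.jpg", b"old", 1_500_000_000),
                   ("recup_dir.2", "f0000200.jpg", b"newer", 1_600_000_000),
                   ("recup_dir.2", "f0000300.docx", b"doc", 1_550_000_000),
                   ("recup_dir.2", "f0000400.txt", b"", 1_550_000_000),
                   ("notes", "todo.jpg", b"mine", 1_700_000_000)]
        for folder, name, data, mtime in samples:
            (out / folder).mkdir(exist_ok=True)
            (out / folder / name).write_bytes(data)
            os.utime(out / folder / name, (mtime, mtime))
        groups = index_recovered(out)
        return {ext: [(p.name, size) for p, size, _ in files]
                for ext, files in groups.items()}


if __name__ == "__main__":
    for ext, files in sorted(demo().items()):
        print(ext, files)
```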
How to protect your PC from .DATAWAIT file extension ransomware?
Most antivirus software already has built-in protection against ransomware. Therefore, if your PC does not have an antivirus application, make sure you install one. As an extra layer of protection, run CryptoPrevent.
Run CryptoPrevent to protect your system from DataWait ransomware virus
Download CryptoPrevent by clicking on the link below.
www.foolishit.com/download/cryptoprevent/
Run it and follow the setup wizard. Once the setup is complete, you will be shown a window where you can choose a level of protection, as displayed on the image below.
Now click the Apply button to activate the protection.
Final words
After completing the instructions shown above, your PC should be free from the DataWait ransomware virus and other malicious software. Your personal computer will no longer encrypt your photos, documents and music. Unfortunately, if the step-by-step guide does not help you, then you have caught a new ransomware virus, and the best option is to ask for help here.
Thanks for explaining, but all this is to remove .DATAWAIT. All I need is a decryptor, because drive C is formatted already, and before that I moved all infected files to an external HDD, hopefully to find a decryptor.
Thank you. Please, if you hear something, let me know.