INFOWAIT Ransomware

INFOWAIT Ransomware is your regular ransomware infection that encrypts files stored on the affected system and then displays a ransom note that says you have to pay to get those files back. This program can affect both individual and corporate users. In fact, it is far more likely that the infection will try to bully small businesses into paying the ransom fee. However, you should never succumb to its threats. Remove INFOWAIT Ransomware from your computer today, and then focus on restoring your files. While public decryption tool is not available, there are still ways to get your data back, so do not lose hope.

This infection comes from the STOP Ransomware family. This would mean that INFOWAIT Ransomware should be similar to KEYPASS Ransomware, Guvara Ransomware, and Kiratos Ransomware. Usually, when programs come from the same family, they tend to have some unique features, but they are based on the same code and thus, their behavioral patterns can be quite similar. At least, we can tell that they use the same distribution methods. So, if you know how one program from this family is distributed, you can avoid similar infections.

For the most part, ransomware programs tend to be distributed via spam email attachments. It also means that users download and install these dangerous programs willingly. Of course, they are not aware of the fact that they are about to infect their systems with the likes of INFOWAIT Ransomware when they open some recently downloaded file. What’s more, the spam emails that distribute ransomware tend to look like official notifications from online stores, business partners, and sometimes even personal messages from real people. So, it makes them look reliable and people for it. Therefore, you would do yourself a favor if you scanned the downloaded file with a security tool of your choice.

Unlike stealthy Trojans, ransomware makes its presence known almost immediately. INFOWAIT Ransomware is actually an interesting case because when it starts encrypting your files, the window that it opens pretends to be installing a Windows update. Therefore, at first, it might take some time for the users to understand what’s going on. However, it is easy to see when files get affected by INFOWAIT Ransomware because this ransomware application adds extensions to all affected files. For example, if before the encryption we had a filename with file.jpg, then after the encryption it will have changed to file.jpg.INFOWAIT. On the other hand, you don’t even need to look for these extensions because the file icons will change, and the system won’t be able to read them anymore.

All affected folders also receive a ransom note in the TXT format file. The filename says !readme.txt, so users might feel compelled to open it. Needless to say, the file supposedly says how you should restore your files by paying the ransom fee. Here’s what the note declares:

Your databases, files, photos, documents and other important files are encrypted and have the extension: .INFOWAIT
The only method of recovering files is to purchase an decrypt software and unique private key.
After purchase you will start decrypt software, enter your unique private key and it will decrypt all your data.
Only we can give you this key and only we can recover your files.
You need to contact us by email [email address], send us your personal ID and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a 1-3 any not very big encrypted files and we will send you back it in original form FREE.
Price for decryption $290 if you contact us first 72 hours.

As you can see, the people behind INFOWAIT Ransomware give you limited time to contact them and pay the ransom. Security experts are always against paying the ransom because it only encourages these criminals to create more dangerous threats.

If you have your files backed up on an external hard drive, please remove INFOWAIT Ransomware for good, and then delete the encrypted files too. You can transfer healthy copies back into your drive immediately. If not, look for ways to restore your files as this program was released a while ago, and so a public decryption tool should be available by now.

How to Remove INFOWAIT Ransomware

1. Delete the file that launched the infection.
2. Delete the !readme.txt ransom notes.
3. Press Win+R and type regedit. Click OK.
4. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
5. On the right side, delete the SysHelper value.
6. Close Registry Editor and press Win+R again.
7. Type %LocalAppData% into the Open box and click OK.
8. Delete two folders with long random names.
9. Delete the script.ps1 file.
10. Scan your PC with SpyHunter.