WCH Ransomware

The WCH Ransomware is a computer virus whose attack may cause potentially permanent damage to many of your files. The purpose of the WCH Ransomware is to encrypt the contents of files that may contain important information – images, spreadsheets, documents, presentations, archives, databases and more. Whenever it locks a file, the WCH Ransomware will add the '.[wecanhelpu@tuta.io].wch' extension, which will make the encrypted files easy to recognize. Even if you remove the newly added extension, you will not be able to use the file since its contents have been encrypted.

After the WCH Ransomware completes the file-encryption stage of the attack, it will spawn a new window that contains a message from the attackers. The same message also can be found in the text-file 'FILES ENCRYPTED.txt' that the ransomware will leave on the desktop.

The WCH Ransomware is a New Variant of the Dharma Ransomware

According to the message of the perpetrators, the damage caused by the WCH Ransomware can only be reversed by getting a decryption utility from the threat's creators. Of course, they do not offer this tool for free and, instead, they offer their victims the opportunity to purchase a decryptor by messaging wecanhelpu@tuta.io. It is important to add that victims will receive no proof that the decryption of their files is possible, so it is very likely that the WCH Ransomware authors might be planning to take the money from their victims without providing anything in return.

If you have identified the WCH Ransomware as the culprit that locked your files, then we advise you to take care of this threat's removal by running an up-to-date anti-virus tool. The removal of the file-locker will prevent it from causing more damage, but it will not retrieve the damage that has already been done. You will need to find a way to restore the files marked with the '.[wecanhelpu@tuta.io].WCH' extension – either by restoring them from a backup or by using professional data recovery software.