How to remove DEATH ransomware and decrypt .wctc files

DEATH ransomware encryption process.

Every day users share a great amount of files and information. Sometimes this information and these files can be harmful and DEATH ransomware is one of such files. This is a new ransomware and it is also called WACATAC. To be more exact, DEATH is a file-encryption ransomware, that doesn’t belong to any already known ransomware family. However, it’s a unique virus, it has a lot in common with such viruses family as STOP(DJVU) ransomware family: MBED, PEET, GROD, MOSK, TOEC, NAKW, Derp, COOT, Nols, Werd, Ndarod, Leto, Bora and RECO; and DHARMA file-encryption ransomware family the members of which are: KHARMA, newer version of MONEY, Money, Oo7 and CASH. It’s very difficult to protect yourself from the infection with DEAT ransomware, as hackers use various tricks to hide it. Commonly the inject the code of the virus into harmless files and this code executes once the infected file has been opened. Such files are usually spread by the means of email attachments, however, they can be found nearly everywhere. File sharing services, torrent files, free software and files can be potential sources of infection. If you have been accidentally infected with this virus, don’t try to remove DEATH ransomware encryption by yourself. Every single manipulation can damage the encrypted file.

The encryption process is unique for all viruses, but it always has some common features. The encryption process of DEATH ransomware is a two-step one. The first step that it makes is the scanning of the hard drive. DEATH ransomware can encrypt only definite file formats, as the encryption of all files would take a great amount of time. These files are all types of documents and a great amount of media files. It’s so, as these files are usually the most valuable information and there is a great chance, that the user is willing to pay for the restoring. When it’s finished, the next step is modifying. The virus modifies the file structures and makes them unreadable without restoration. The encrypted files have a .wctc extension, that is the clearest sign of DEATH ransomware. In order to force the user to use hackers’ decryption services, the virus also creates the ransom note called read_me.txt. Hackers usually try to assure the users, that everything is OK and they can easily restore the files for payment. In the case of DEATH ransomware hackers try to force him or her to pay them immediately, as the users are short of time. We should warn you, that there is no any firm guarantee to trust them. They can easily deceive you. Moreover, there are a number of cases when the hackers stop all contacts with the victims once they get the payment. Don’t waste your money! If you have no choice, but to remove DEATH ransomware and decrypt .wctc files, you should use our up-to-date guide!


??????DEATHRansom ???????
Hello dear friend,
Your files were encrypted!
You have only 12 hours to decrypt it
In case of no answer our team will delete your decryption password
Write back to our e-mail:
In your message you have to write:
2. Time when you have paid 0.1 btc to this bitcoin wallet:
After payment our team will decrypt your files immediatly
Free decryption as guarantee:
1. File must be less than 1MB
2. Only .txt or .lnk files, no databases
3. Only 1 files
How to obtain bitcoin:
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:

Article’s Guide

  1. How to remove DEATH Ransomware from your computer
  2. How to remove DEATH Ransomware encryption from your files
  3. Data Recovery
  4. Automated decryption tools
  5. Windows Previous Versions

How to remove DEATH Ransomware from your computer?

We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove DEATH from your computer with all of its leftovers and register files.

Solution for Windows users: our choice is Norton 360 . Norton 360 scans your computer and detects various threats like DEATH, then removes it with all of the related malicious files, folders and registry keys.

Download Norton windows compatible

If you are Mac user, we advise you to use Combo Cleaner.

How to decrypt .wctc files?

Once you’ve removed the virus, you are probably thinking how to decrypt .wctc files. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Data Recovery

  1. Download and install Data Recovery
  2. Select drives and folders with your files, then click Scan.
  3. Choose all the files in a folder, then press on Restore button.
  4. Manage export location.

Download Stellar Data Recovery

The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.

Restore data with automated decryption tools

Unfortunately, due to the novelty of DESYNC ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Remove DEATH encryption with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and search for the folders you want to restore;
  2. Right-click on the folder and choose Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select restore date and the option you need: Open, Copy and Restore.

Remove DEATH encryption with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose restore point before the infection infiltration;
  4. Follow the on-screen instructions.

Was this tutorial helpful?
[Total: 0 Average: 0]

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.