.WERD File Extension
File TypeWerd Ransomware Encrypted File
What is a WERD file?
A file with a .werd extension is a file that has been encrypted by the Werd virus, which is a variant of Stop and Djvu ransomware that became prevalent in October 2019. It is encrypted so it is not possible to open the file by simply changing the file extension.
Werd is a type of malware utilized by cybercriminals that takes a user's files hostage and forces him to pay the perpetrator to unlock his files. It is typically introduced to a victim's computer through spam emails with malicious file attachments that are downloaded and run by unsuspecting users. These email attachments may be .DOCX, .RAR, .ZIP, or .JS files that appear innocent but actually contain the Werd virus. This method of disguised infiltration is known as a Trojan horse attack.
When the ransomware runs on a user's computer, it scrambles and encrypts files on the computer then renames them with a .werd extension. The files are typically documents, images, videos, and backup files, such as .PDF, .PNG, .AVI, and .DB files. For example, a video.mp4 file becomes video.mp4.werd.
The virus then generates a .TXT ransom note (_readme.txt) in each of the folders that contain encrypted WERD files. The ransom note contains text that informs the user of the takeover and what he needs to do to recover his files. Typically, the note also provides an email address to contact and the ransom amount that needs to be paid (usually $980 in Bitcoin) to acquire the decryption tool.
NOTE: Currently, there are several options for removing the Werd virus, such as Malwarebytes Premium software, but there is no program available to effectively restore infected files. If the user has a recent backup of his files, he can perform a system restore to remove the virus but any changes made to files after the backup was made will be lost.