.WERD File Extension

Werd Ransomware Encrypted File

Developer N/A
2.7  |  3 Votes

What is a WERD file?

A file with a .werd extension is a file that has been encrypted by the Werd virus, which is a variant of Stop and Djvu ransomware that became prevalent in October 2019. It is encrypted so it is not possible to open the file by simply changing the file extension.

More Information

Werd is a type of malware utilized by cybercriminals that takes a user's files hostage and forces him to pay the perpetrator to unlock his files. It is typically introduced to a victim's computer through spam emails with malicious file attachments that are downloaded and run by unsuspecting users. These email attachments may be .DOCX, .RAR, .ZIP, or .JS files that appear innocent but actually contain the Werd virus. This method of disguised infiltration is known as a Trojan horse attack.

When the ransomware runs on a user's computer, it scrambles and encrypts files on the computer then renames them with a .werd extension. The files are typically documents, images, videos, and backup files, such as .PDF, .PNG, .AVI, and .DB files. For example, a video.mp4 file becomes video.mp4.werd.

The virus then generates a .TXT ransom note (_readme.txt) in each of the folders that contain encrypted WERD files. The ransom note contains text that informs the user of the takeover and what they are meant to do to recover their files. Typically, the note also provides an email address to contact and the ransom amount that needs to be paid (usually $980 in Bitcoin) to acquire the decryption tool.

How to open a WERD file

Currently, there are several options for removing the Werd virus, such as Malwarebytes Premium software, but there is no program available to effectively restore infected files. If you have a recent backup of your files, you can perform a System Restore to remove the virus, but any changes made to files after the backup was created will be lost.


FileInfo.com recommends you never pay a ransom to decrypt files encrypted by ransomware. Paying a ransom encourages ransomware distributors to continue their efforts, and there is no guarantee that paying a ransom will give you access to your files. Instead, you should restore your data from a recent backup created before the ransomware infected your computer.

Open over 400 file formats with File Viewer Plus.Free Download

Programs that open WERD files

System Restore

Verified by FileInfo.com

The FileInfo.com team has independently researched the Werd Ransomware Encrypted file format and Windows apps listed on this page. Our goal is 100% accuracy and we only publish information about file types that we have verified.

If you would like to suggest any additions or updates to this page, please let us know.