.WERD File Extension

Werd is a type of malware utilized by cybercriminals that takes a user's files hostage and forces him to pay the perpetrator to unlock his files. It is typically introduced to a victim's computer through spam emails with malicious file attachments that are downloaded and run by unsuspecting users. These email attachments may be .DOCX, .RAR, .ZIP, or .JS files that appear innocent but actually contain the Werd virus. This method of disguised infiltration is known as a Trojan horse attack.

When the ransomware runs on a user's computer, it scrambles and encrypts files on the computer then renames them with a .werd extension. The files are typically documents, images, videos, and backup files, such as .PDF, .PNG, .AVI, and .DB files. For example, a video.mp4 file becomes video.mp4.werd.

The virus then generates a .TXT ransom note (_readme.txt) in each of the folders that contain encrypted WERD files. The ransom note contains text that informs the user of the takeover and what they are meant to do to recover their files. Typically, the note also provides an email address to contact and the ransom amount that needs to be paid (usually $980 in Bitcoin) to acquire the decryption tool.

Currently, there are several options for removing the Werd virus, such as Malwarebytes Premium software, but there is no program available to effectively restore infected files. If you have a recent backup of your files, you can perform a System Restore to remove the virus, but any changes made to files after the backup was created will be lost.