WRUI Ransomware Encrypted File
3.0 | 1 Vote
What is a WRUI file?
In April 2021, some PC users began reporting that their computers had been infected by ransomware that came packaged within the B6F6.exe and MicrosoftToolkit.exe executables. The executables contained several viruses, one of which encrypted many of the users' files and renamed the files to use the .wrui extension.
WRUI ransomware is a variant of STOP ransomware, which is one of the most common types of ransomware. Other variants of STOP ransomware append users' files with the .STOP, .DJVU, .rumba, .gero, or .CADQ extensions. All variants of STOP ransomware produce ransom messages named _readme.txt in affected folders, which contain instructions a user is meant to follow to decrypt their files.
How to open a WRUI file
WRUI files are encrypted, so you cannot open them. In some cases, you may be able to revert a WRUI file to its original form by renaming it to use its previous extension. For example, you can rename an encrypted JPG from yourjpg.wrui to yourjpg.jpg and attempt to open it. This may allow you to open some of your renamed files but likely will not work on all your files.
While Emsisoft offers a Decryptor for STOP ransomware, it works only for STOP variants that use offline decryption keys. The WRUI variant uses online decryption keys, so Emsisoft's decryptor cannot decrypt WRUI files.
FileInfo.com recommends you never pay a ransom to decrypt files encrypted by ransomware. Paying a ransom encourages ransomware distributors to continue their efforts, and there is no guarantee that paying a ransom will give you access to your files. Instead, you should restore your data from a recent backup created before the ransomware infected your computer.