WAFFLE Ransomware

Waffle Ransomware is newly detected file encryption virus created cyber criminals. It has been programmed with the sole motive to blackmail victims. Waffle Ransomware virus mostly get spread through spam emails, suspicious links, torrent or porn websites, peer to peer file sharing and many other tricks. This nasty ransomware virus will find and encrypt all kinds of files such as texts, documents, media files, presentations, etc. on your system.
It ask the users to pay a certain amount of money in exchange of the decryption key. However, users should know that most of the ransomware viruses does not restore users data completely even after payment.

These registry locations will show you presence of Waffle ransomware on your PC:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Waffle Ransomware


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ’1′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “3948550101?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “xas”

HKEY_CURRENT_USER\Software\Waffle Ransomware

If infected you can use Max Total Security >Tools>Browser Fox to reset all browsers. Recover your lost data from Max Total Security Data Back/Restore Tool and keep protection ON all the time. Happy surfing if you have Max Total Security on your PC.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>