.WLU File

A WLU file is a file encrypted by Jaff ransomware, a computer infection utilized by cybercriminals. It contains a user's file, such as a .ACCDB, .ODS, .PPTX, or .WMV file, encrypted with the RSA algorithm and AES-128 ciphers. WLU files became prevalent in 2017.

The WLU file is used by a variant of the Jaff ransomware. The purpose of the virus is to take your files hostage and force you to pay the perpetrator (by way of bitcoin) to unlock your files. The virus is primarily distributed through emails masking as invoices with a malicious .PDF attachment. If you open the attachment, you will encounter a prompt to open an embedded .DOCM file, which downloads the Jaff ransomware and executes it. Once the virus affects your computer it begins scrambling your files, renaming them, and encrypting them. It appends the WLU extension on to the file extension. For example, your example.pub file becomes example.pub.wlu. The virus then generates a README_TO_DECRYPT .TXT, .BMP, and .HTML ransom note files informing you of the takeover and what you need to do to decrypt your files.

There is no program currently available to effectively decrypt your files. If you backup your files you can execute a full system restore. Otherwise, the only known way to decrypt your infected files is to pay the perpetrator for the private key and decrypt program.