Một tập tin với phần mở rộng của.werd là một tập tin đã được mã hóa bởi virus Werd, mà là một biến thể của Dừng lại và Djvu transomware đã phổ biến ở tháng Mười Một. Nó được mã hóa nên không thể mở tập tin bằng cách đơn giản thay đổi phần mở rộng tập tin.

Werd is a type of malware utilized by cybercriminals that takes a user's files hostage and forces him to pay the perpetrator to unlock his files. It is typically introduced to a victim's computer through spam emails with malicious file attachments that are downloaded and run by unsuspecting users. These email attachments may be .DOCX, .RAR, .ZIP, or .JS files that appear innocent but actually contain the Werd virus. This method of disguised infiltration is known as a Trojan horse attack. When the ransomware runs on a user's computer, it scrambles and encrypts files on the computer then renames them with a .werd extension. The files are typically documents, images, videos, and backup files, such as .PDF, .PNG, .AVI, and .DB files. For example, a video.mp4 file becomes video.mp4.werd. The virus then generates a .TXT ransom note (_readme.txt) in each of the folders that contain encrypted WERD files. The ransom note contains text that informs the user of the takeover and what he needs to do to recover his files. Typically, the note also provides an email address to contact and the ransom amount that needs to be paid (usually $980 in Bitcoin) to acquire the decryption tool. NOTE: Currently, there are several options for removing the Werd virus, such as Malwarebytes Premium software, but there is no program available to effectively restore infected files. If the user has a recent backup of his files, he can perform a system restore to remove the virus but any changes made to files after the backup was made will be lost.