Neitrino Ransomware Virus – Remove and Try To Restore .Neitrino Files

A variant of the Kriptovor ransomware, Neitrino ransomware is reported to encrypt the files of the computer it infects, adding the .neitrino extension to them. The virus also drops a MESSAGE.txt file that tells affected users their files were encrypted with the AES cipher and that they must pay a ransom to get them back. The note is written to convince victims that they have no other option and that paying the criminals is their best bet. Since the damage has already been done by the time the note appears, experts strongly advise against paying any ransom.

Threat Summary

Name: Neitrino
Type: Ransomware
Short Description: The malware encrypts users’ files after force-restarting their PC and drops a ransom message named “MESSAGE.txt”.
Symptoms: The user may witness ransom messages and “instructions”.
Distribution Method: It may spread via malicious PDFs and an infostealer delivered in spam e-mail messages.

Neitrino Ransomware’s Distribution Methods

Neitrino ransomware may use third-party websites, uploading its malicious executables there disguised as different legitimate programs:

  • Keygens.
  • Cracks.
  • Fake software setups.

Similar to Kriptovor ransomware, Neitrino may also use malicious spam e-mails which can infect users via a fake .pdf file. Such a file may either contain malicious macros or be a .js (JavaScript) file. It may also be a payload-dropping Trojan horse.

The content of such e-mails may appear convincing, giving the recipient a seemingly serious reason to open the attachment. This is especially effective if the spammers use websites the user is registered with, or other personal information, to make the message look legitimate.

Neitrino Ransom Virus – Detailed Information

Since Neitrino is a Kriptovor variant, it may also use a Trojan that collects key system information and sends it to the cyber-criminals:

  • Internet connectivity info.
  • Which executables are actively running on the targeted computer.
  • OS version, system name, etc.
  • Software installed on the machine.
  • IP addressing information.
  • MAC address.
  • Windows Registry details.

The Neitrino ransomware may also be configured to delete itself and not run. For instance, if it detects that it is running in a virtual environment rather than on a real Windows installation, it may shut down and self-terminate. If these checks pass, the Neitrino ransomware may then download its payload as a .RAR file from a malicious domain belonging to the cyber-criminals.

Neitrino ransomware may have more than one executable. It may add an entry for its file-encrypting executable to the Windows Registry. The targeted key may be the “RunOnce” key, which runs the encryptor the next time Windows starts:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
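As a defender-side check for the persistence described above, the following added example (not code from the article) lists the HKCU RunOnce values and flags commands that reference user-writable directories. The directory list is a heuristic assumed by this example, and the sample entries are constructed for illustration.

```python
RUNONCE_KEY = r"Software\Microsoft\Windows\CurrentVersion\RunOnce"  # under HKCU

# Heuristic (an assumption of this example): a user-level dropper has to write
# somewhere the current user can write, so autostart commands pointing there
# deserve a look. Legitimate installers also use RunOnce, so review, don't delete.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\downloads\\",
                "\\users\\public\\", "\\programdata\\")

# Constructed sample entries, used when not running on Windows.
SAMPLE_ENTRIES = [
    ("Installer", r'"C:\Program Files\Vendor\setup.exe" /finish'),
    ("Update", r"C:\Users\victim\AppData\Roaming\update.exe"),
    ("Script", r"wscript.exe C:\Users\victim\Downloads\invoice.js"),
]


def flag_entries(entries):
    """entries: iterable of (value_name, command_line) pairs as stored in
    RunOnce. Returns the pairs whose command references a suspect directory."""
    flagged = []
    for name, command in entries:
        lowered = str(command).lower().replace("/", "\\")
        if any(d in lowered for d in SUSPECT_DIRS):
            flagged.append((name, str(command)))
    return flagged


def read_runonce():
    """Enumerate HKCU RunOnce via winreg. Returns [] when not on Windows or
    when the key does not exist, so the heuristic stays testable elsewhere."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNONCE_KEY) as key:
            index = 0
            while True:
                try:
                    name, value, _type = winreg.EnumValue(key, index)
                except OSError:  # no more values
                    break
                entries.append((name, str(value)))
                index += 1
    except OSError:  # key absent
        return []
    return entries


if __name__ == "__main__":
    for name, command in flag_entries(read_runonce() or SAMPLE_ENTRIES):
        print(f"review RunOnce value {name!r}: {command}")
```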

As soon as the Neitrino encryption process is initiated, it may scan for hundreds of file types. The most “important” files it encrypts are:

  • Microsoft Office documents.
  • Adobe Reader files.
  • Virtual machines.
  • Database files.
  • Audio, video, pictures and other multimedia files.

But Neitrino does not stop there. The Neitrino virus also leaves a ransom note, written entirely in Russian. It translates to the following message:

“It is possible to know about the value of the decryptor on the e-mail address: {Cyber-crooks’ e-mail address}.
In this letter, type your ID:{VICTIM ID HERE}
A convincing request not to try and decrypt files with decryptors.
You can permanently damage them and even the original decryptor will not help you.
We accept messages until {Deadline date here}
After {Deadline date here} we will ignore every message.
It is possible for replies to be slower.”

This scareware message suggests that Neitrino ransomware may use the so-called CBC mode. The abbreviation stands for Cipher Block Chaining, and files encrypted this way may indeed be damaged if you try decryptors other than the original one. This is why we advise against it, or, if you are going to try, to work only on copies of the encrypted files.

Neitrino Ransomware – Removal and File Restoration Methods

If you have decided to erase Neitrino ransomware immediately, our advice is to use the instructions we have provided after this article. They will help you manually delete Neitrino from your computer. If you have difficulties following the manual instructions, it is generally preferable to use an advanced anti-malware program, which will automatically scan for and remove the malicious files associated with this virus and restore your settings without damaging the encrypted files.

In case you feel you should do something about the encrypted files, DO NOT pay the ransom amount if the crooks ask for it. Instead you can try to:

1. Before attempting any decryption yourself, create several copies of the encrypted files so that you can try decrypting them with Kaspersky’s and Emsisoft’s decryptors from a safe computer.
2. Ask the cyber-criminals to decrypt one file for free as a guarantee, since this will assist you with the decryption of the other files.
3. Follow the alternative solutions suggested in step “3. Restore files encrypted by Neitrino” below.
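The triage that steps 1 and 3 above and the list of targeted file types call for, as an added example rather than code from the article: it walks a folder for the .neitrino extension and MESSAGE.txt notes the article reports, groups hits by the article’s file classes, and copies every encrypted file aside before any decryptor is tried. The extension-to-class mapping is an assumption of this example.

```python
import os
import shutil
from pathlib import Path

ENCRYPTED_EXT = ".neitrino"   # extension the article reports Neitrino appends
RANSOM_NOTE = "MESSAGE.txt"   # ransom note file name the article reports
# Illustrative extensions for the file classes the article lists (assumed here).
CATEGORIES = {
    "office": {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"},
    "adobe reader": {".pdf"},
    "virtual machine": {".vmdk", ".vdi", ".vhd", ".vhdx"},
    "database": {".mdb", ".accdb", ".sql", ".db", ".sqlite"},
    "multimedia": {".mp3", ".wav", ".mp4", ".avi", ".jpg", ".png"},
}


def original_name(path):
    """'report.docx.neitrino' -> 'report.docx'; other names are unchanged."""
    name = Path(path).name
    return name[:-len(ENCRYPTED_EXT)] if name.lower().endswith(ENCRYPTED_EXT) else name


def categorize(path):
    """Map an encrypted file to one of the article's target classes, or 'other'."""
    ext = Path(original_name(path)).suffix.lower()
    for label, exts in CATEGORIES.items():
        if ext in exts:
            return label
    return "other"


def find_artifacts(root):
    """Walk root; return (encrypted_files, ransom_notes) as lists of Paths."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
            elif name == RANSOM_NOTE:
                notes.append(path)
    return encrypted, notes


def backup_encrypted(encrypted, root, backup_root):
    """Copy each encrypted file under backup_root (relative path kept), so decryptors run on copies."""
    copied = []
    for src in encrypted:
        dst = Path(backup_root) / src.relative_to(root)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        copied.append(dst)
    return copied
```

Run `find_artifacts` on the affected folder first, then `backup_encrypted` into a location outside that folder, and point any decryptor at the backup only.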

Manually delete Neitrino from your computer

Note! Important notice about the Neitrino threat: manual removal of Neitrino requires interfering with system files and the registry, which can damage your PC. Even if your computer skills are not at a professional level, don’t worry: you can do the removal yourself in just 5 minutes using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Neitrino files and objects
2. Find malicious files created by Neitrino on your PC
3. Fix registry entries created by Neitrino on your PC

Automatically remove Neitrino by downloading an advanced anti-malware program

1. Remove Neitrino with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Neitrino in the future
3. Restore files encrypted by Neitrino
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
