The .NEWS files virus is a ransomware from the Crysis/Dharma family. It is extremely dangerous ransomware due to the fact that it encrypts personal files located on the local drives as well as shared network directories. The primary goal of Dharma .NEWS ransomware is to extort a hefty ransom fee from infected users. The extortion happens via a ransom note file and a lockscreen instance.
Security experts strongly advise all victims against paying the demanded ransom to hackers. Otherwise, cyber criminals will be encouraged to continue developing vicious ransomware infections like .NEWS files virus and harassing online users. Keep up with this ransomware removal guide and find out how to clean malicious files from infected PC as well as how to potentially recover .NEWS files.
|Short Description||A ransomware dsigned to corrupt valuable files and extort a ransom free for their decryption.|
|Symptoms||Important files cannot be opened due to changes of their code. They are all renamed with .NEWS extension.|
|Distribution Method||Spam Emails, Email Attachments|
|Detection Tool|| See If Your System Has Been Affected by .NEWS Virus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss .NEWS Virus.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
A new release of the Dharma ransomware family has been detected encrypting data files with the .NEWS extension. This new ransomware, alternatively known as the .NEWS virus, is probably spread by using the same well-known distribution strategies. They can include various phishing strategies that rely on the sending of email messages and hosting web sites that imitate well-known companies, people or services. Their aim will be to convince the recipients into interacting with the included scripts or files. The sites and emails might come from a domain name that sounds very similar to the legitimate ones.
The malicious files can be either documents (across all popular file types) or dangerous setup bundles of popular applications which are often downloaded by web users. Alternatively they will be uploaded to file-sharing networks where popular legitimate and pirate is frequently distributed. The virus code can also be integrated in browser hijackers which are dangerous extensions made for the most popular web browsers. Once made they are spread to the respective repositories using fake user reviews and developer credentials. To make these plugins appear as more lucrative an elaborate description and promises of multiple feature additions will be posted.
As soon as the .NEWS virus is deployed on a given system a sequence of dangerous activities will be run depending on the built-in code or the hacker instructions. In almost all cases this will include some kind of a data harvesting process — it is programmed to search for information that is related to the victims (personal data) and the machines that they are using. It can be used to construct an unique identifier and to look for any running security applications — any found anti-virus engines, firewalls and related processes will be stopped or deleted.
The .NEWS virus can also be used to modify system settings and configuration files. This can lead to dangerous consequences for the users which can include data loss, unexpected errors and issues that are related to the use of common services and applications. There are two main types of changes which are most frequently quoted by the security analysts:
- Persistent Infection — The .NEWS ransomware engine can be installed in a way which will automatically start it as soon as the computer is booted.
- Windows Registry Changes — The virus engine can edit out existing strings which are found within the Registry. This can cause data loss, errors when accessing operations and user installed applications.
When everything has finished running the .NEWS virus will proceed with the actual encryption phase. Following the well-known procedures of previous samples the engine will encrypt files based on a built-in list of target file type extensions — usually this will include commonly used user data such as documents, multimedia files, backups, archives and system restore points. To mask the affected files the ransomware will add the .NEWS extension to them. As well as a ransom note the virus will institute a lockscreen instance which will blackmail the victims into paying the hackers a decryption fee.
Remove .NEWS Virus Files and Restore Data
The ransomware associated with .NEWS extension is a threat with highly complex code that plagues not only your files but your whole system. So you should clean and secure your infected system before you could use it regularly again. Below you could find a step-by-step removal guide that may be helpful in attempting to remove this ransomware.
Choose the manual removal approach if you have previous experience with malware files. If you don’t feel comfortable with the manual steps select the automatic section from the guide. Steps there enable you to check the infected system for ransomware files and remove them with a few mouse clicks.
In order to keep your system safe from ransomware and other types of malware in future, you should consider the installation of a reliable anti-malware program.