Remove Noob Ransomware and Restore Your Data
THREAT REMOVAL

Remove Noob Ransomware and Restore Your Data

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Noob and other threats.
Threats such as Noob may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

The article will help you to remove Noob ransomware completely. Follow the ransomware removal instructions provided at the end of this article.

The Noob ransomware is a new cryptovirus with a lockscreen function. This virus has been discovered by the malware researcher Jaromir Horejsi. The ransomware has a mechanism for breaking files and making them 0 bytes, if you type an incorrect unlock code, according to the same researcher. If the infection occurs, the Noob cryptovirus will display a window with a ransom note message.

Threat Summary

NameNoob
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware virus can encrypt files and has the function to lock your PC screen.
SymptomsThe ransomware will display a window containing instructions about payment and will encrypt files while locking your screen.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Noob

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Noob.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Noob Ransomware – Delivery

Noob ransomware could spread its infection via different methods. The payload file that initiates the malicious script for this ransomware, which in turn infects your computer machine, is circling the Internet and a malware sample has been found by malware researchers. You can see the VirusTotal detections for different security programs of that sample by checking the screenshot below:

As seen in the above screenshot, many security vendors detect the ransomware to be from the HiddenTear project family.

Noob ransomware could also distribute its payload file along social media websites and file-sharing networks. Freeware applications which are found on the Web could be presented as useful but at the same time could be hiding the malicious script for the cryptovirus. Refrain from opening files right when you have downloaded them, especially if they come from dubious sources such as links or e-mails. Instead, you should scan them beforehand with a security tool, while also checking the sizes and signatures of these files for anything that seems suspicious. You should read the ransomware prevention tips thread on the forum.

Noob Ransomware – Detailed Overview

Noob is the name of this ransomware cryptovirus. It has been dubbed that way, because of the payload dropper file, named Noob.exe and because of the ransom message, where at the end, every victim is referred to as “n00b”.
Noob ransomware might make entries in the Windows Registry aiming to achieve a higher level of persistence. Those registry entries are typically designed in a way that will start the virus automatically with each launch of the Windows Operating System.

The ransom note will appear after the encryption process is complete. The note provides the demands for payment and similar instructions. The note of Noob opens in a window, which also activates the lockscreen feature. You can see that note from the screenshot given below:

That ransom message reads the following:

YOUR IMPORTANT DATA HAS BEEN ENCRYPTED
Your Documents, Photos, Videos, and other important files
has been encrypted.
The only way to restore your data is you must pay 3 BTC to my wallet address.
To complete your payment please contact me at geekhaxid[at]gmail.com,
and get your private key to decrypt your files

Your data will be safe until 24 hours I’m not receive the payment
Your data will be encrypted forever.

Big Thanks,
n00b
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX DECRYPT

As clearly seen from the ransom message above, the developer of the Noob cryptovirus has laid out detailed instructions about payment. The e-mail address that is used is [email protected] and the ransom sum that is demanded is 3 Bitcoin, which currently is nearly 3.200 US dollars. If you get your computer infected with the malware, you should NOT under any circumstances pay the cybercriminal who is behind it. Nobody could guarantee that you will get your files restored.

Noob Ransomware – Encryption Process

Noob ransomware has a high probability to seek and encrypt files, which have the following extensions:

→.doc, .docx, .pdf, .db, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx

This is due to the fact that files with the extensions mentioned above, are still the most commonly used ones among Windows users. And as we know, Windows is the predominant operating system.

To remove the lock on your screen and get the ransom note window down, all you have to do is type the following unlock code:

LEAKED

Be careful though, as the malware researcher Jaromir Horejsi warns that if you input the wrong unlock code, all decrypted files will be 0 bytes. That means that they will hold no information inside and still be unable to get opened.

The Noob cryptovirus could be set to delete the Shadow Volume Copies from the Windows operating system with the aid of the following command:

→vssadmin.exe delete shadows /all /Quiet

In case that command is executed, the encryption process becomes more efficient as it eliminates one of the viable ways to restore your file data.

Remove Noob Ransomware and Restore Your Data

If your computer got infected with the Noob ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Note! Your computer system may be affected by Noob and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Noob.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Noob follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Noob files and objects
2. Find files created by Noob on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Noob

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...