NoobCrypt is a ransomware virus, which encrypts files and wants different currency as payment for ransom. The ransomware calls you a noob if you input a wrong decryption key. To remove the ransomware and see how to restore your files, you should read the article till the very end.
|Short Description||The ransomware encrypts your files and shows a lockscreen with a ransom note. it gives details on how to pay the ransom.|
|Symptoms||The ransomware locks your screen and asks for 299 US dollars or 250 NZD paid in Bitcoins after file encryption. If you input a wrong unlock key it calls you a noob.|
|Distribution Method||Exploit Kits, Spam Emails, File Sharing Networks|
See If Your System Has Been Affected by NoobCrypt
Malware Removal Tool
|User Experience||Join Our Forum to Discuss NoobCrypt.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
NoobCrypt Ransomware – Infection Spread
NoobCrypt ransomware could be spread with spam emails. Such type of emails is intended to reach out a lot of people containing a spam message along with an attachment. Opening that attachment triggers the malicious payload and infects your computer. Do not open emails which are suspicious or ones with an unknown origin.
Another possible way of spreading the infection and compromising computers might be via social media and file-sharing networks. Such networks are at times used by cyber-criminals to additionally spread their ransomware viruses. The same advice as before can be applied here – to avoid infection be careful and do not download, open or click anything suspicious or unknown.
NoobCrypt Ransomware – Technical Information
NoobCrypt ransomware is coded on .NET, but has flaws and errors in its code. The virus will display a message that you are a noob if you try to enter an invalid decryption key. But the real noobs here seem to be the cyber-criminals behind it, because of the way they have written the ransomware. Not only there are mistakes in the code, but some of these mistakes show in the ransom note.
NoobCrypt ransomware creates the following registry key:
Inside there are these three strings:
It does not seem to be any registry for automatically launching with the start of Windows, too.
You can see a screenshot of the lockscreen that appears after encryption down here:
You can read the text from the ransom note here:
Your personal files is are encrypted!
Coded in R0MANIA
Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
You have 48 hours to pay 250 NZD in Bitcoins to get the decryption key.
Every 2 hours files will be deleted.Increasing in amount every time frame.
If you do not send money within provided (deadline) your files will be permanently crypted and no one will be able to recover them.
Time left until your files will be DELETED! – Don’t try to trick us.
Send approximately 250NZD to this BTC Address I have paid, check.
In order to pay use a Phone or a Laptop!
You can see in the picture above how the counter and one of the $299 are misplaced. Maybe it was intended for the 250 New Zealand dollars to be covered by the sum of 299 US dollars. 250 New Zealand dollars are only 175 American ones, so that can be a good reason, why the criminals maybe wanted to change it.
Whatever the asked sum is, it is not advised to pay the ransom, nor is it advised to contact the criminals in any way. Paying will only support the people behind the ransomware and make them want to continue doing this. Keep reading, to find out how to recover your data.
You can see that the ransomware is detected by security programs already, according to the VirusTotal website:
The NoobCrypt ransomware is a screenlock ransomware, and will not let you access your files while it is on your computer.
NoobCrypt ransomware is not known to delete Shadow Volume Copies from the Windows operating system. That may not be so important as currently there is a way to decrypt your files according to researchers. Read below to see what you can do to unlock your PC.
Remove NoobCrypt Ransomware and Restore Locked Files
If your computer system is infected with the NoobCrypt ransomware, you should have some experience with removing malware. You should get rid of this ransomware before it infects somebody else on the network you use. The recommended action for you is to read the step-by-step instructions manual provided down below, try to restore your files and to remove the ransomware completely.
Manually delete NoobCrypt from your computer
Note! Substantial notification about the NoobCrypt threat: Manual removal of NoobCrypt requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.