Remove NoobCrypt Ransomware and Restore Locked Files - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Remove NoobCrypt Ransomware and Restore Locked Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by NoobCrypt and other threats.
Threats such as NoobCrypt may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

STF-noobcrypt-ransomware-coded-in-romania-ransom-note

NoobCrypt is a ransomware virus, which encrypts files and wants different currency as payment for ransom. The ransomware calls you a noob if you input a wrong decryption key. To remove the ransomware and see how to restore your files, you should read the article till the very end.

Threat Summary

NameNoobCrypt
TypeRansomware
Short DescriptionThe ransomware encrypts your files and shows a lockscreen with a ransom note. it gives details on how to pay the ransom.
SymptomsThe ransomware locks your screen and asks for 299 US dollars or 250 NZD paid in Bitcoins after file encryption. If you input a wrong unlock key it calls you a noob.
Distribution MethodExploit Kits, Spam Emails, File Sharing Networks
Detection Tool See If Your System Has Been Affected by NoobCrypt

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss NoobCrypt.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

NoobCrypt Ransomware – Update

UPDATE! Decryption key has been released that is Universal for the new NoobCrypt infections. Simply type “lsakhBVLIKAHg” as the unlock key and you will get your files decrypted. It is preferred that you download the anti-malware tool mentioned above, to make sure the ransomware does not encrypt your files again after decryption.

NoobCrypt Ransomware – Infection Spread

NoobCrypt ransomware could be spread with spam emails. Such type of emails is intended to reach out a lot of people containing a spam message along with an attachment. Opening that attachment triggers the malicious payload and infects your computer. Do not open emails which are suspicious or ones with an unknown origin.

Another possible way of spreading the infection and compromising computers might be via social media and file-sharing networks. Such networks are at times used by cyber-criminals to additionally spread their ransomware viruses. The same advice as before can be applied here – to avoid infection be careful and do not download, open or click anything suspicious or unknown.

NoobCrypt Ransomware – Technical Information

NoobCrypt ransomware is coded on .NET, but has flaws and errors in its code. The virus will display a message that you are a noob if you try to enter an invalid decryption key. But the real noobs here seem to be the cyber-criminals behind it, because of the way they have written the ransomware. Not only there are mistakes in the code, but some of these mistakes show in the ransom note.

NoobCrypt ransomware creates the following registry key:

→HKEY_CURRENT_USER\k1j3jk153kj153

Inside there are these three strings:

  • (Default)
  • iv
  • key

It does not seem to be any registry for automatically launching with the start of Windows, too.

You can see a screenshot of the lockscreen that appears after encryption down here:

STF-noobcrypt-ransomware-coded-in-romania-ransom-note

You can read the text from the ransom note here:

Your personal files is are encrypted!
Coded in R0MANIA
Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
You have 48 hours to pay 250 NZD in Bitcoins to get the decryption key.
Every 2 hours files will be deleted.Increasing in amount every time frame.
If you do not send money within provided (deadline) your files will be permanently crypted and no one will be able to recover them.
Time left until your files will be DELETED! – Don’t try to trick us.
Send approximately 250NZD to this BTC Address I have paid, check.
$299
1JrYNuMaE4VXKrod2gA9keBo6nzPvtaoZ6
In order to pay use a Phone or a Laptop!
Informations CHECK

You can see in the picture above how the counter and one of the $299 are misplaced. Maybe it was intended for the 250 New Zealand dollars to be covered by the sum of 299 US dollars. 250 New Zealand dollars are only 175 American ones, so that can be a good reason, why the criminals maybe wanted to change it.

Whatever the asked sum is, it is not advised to pay the ransom, nor is it advised to contact the criminals in any way. Paying will only support the people behind the ransomware and make them want to continue doing this. Keep reading, to find out how to recover your data.

You can see that the ransomware is detected by security programs already, according to the VirusTotal website:

STF-noobcrypt-ransomware-coded-in-romania-virus-total

The NoobCrypt ransomware is a screenlock ransomware, and will not let you access your files while it is on your computer.

NoobCrypt ransomware is not known to delete Shadow Volume Copies from the Windows operating system. That may not be so important as currently there is a way to decrypt your files according to researchers. Read below to see what you can do to unlock your PC.

Remove NoobCrypt Ransomware and Restore Locked Files

If your computer system is infected with the NoobCrypt ransomware, you should have some experience with removing malware. You should get rid of this ransomware before it infects somebody else on the network you use. The recommended action for you is to read the step-by-step instructions manual provided down below, try to restore your files and to remove the ransomware completely.

Note! Your computer system may be affected by NoobCrypt and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as NoobCrypt.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove NoobCrypt follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove NoobCrypt files and objects
2. Find files created by NoobCrypt on your PC

IMPORTANT!
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by NoobCrypt

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...