2NEW Ransomware

Cybersecurity analysts spot new ransomware threats lurking on the Web almost daily. Building and propagating threats of this type are easier than one may think. There are many freely available ransomware-building kits that help low-level cybercriminals create and propagate data-encrypting Trojans that would lock their targets' data, enabling the attackers to extort the users for their hard-earned money. One of the last threats of this class has been dubbed the 2NEW Ransomware. This newly uncovered file-encrypting Trojan belongs to the notorious Dharma Ransomware family. The Dharma Ransomware family was the second most active ransomware family throughout the whole year of 2019, claiming numerous victims all around the world.

Propagation and Encryption

Malware researchers are not certain how the creators of the 2NEW Ransomware are propagating this nasty threat. However, it is very likely that they may be utilizing some of the most commonly used infection vectors - bogus software updates, fraudulent pirated variants of popular applications, malvertising, mass spam email campaigns, etc. The 2NEW Ransomware is designed to scan the compromised system to locate the files that will later undergo an encryption process. Once the scan has been completed, the 2NEW Ransomware would proceed with the attack by triggering its encryption process.

To lock the targeted data, the 2NEW Ransomware applies a complex encryption algorithm and renders all the locked files unusable. Then, users may notice that the names of their files have been changed. This is because the 2NEW Ransomware applies a new extension, following the pattern '.id-.[new2crypt@aol.com].2NEW' where 'VICTIM ID,' which stands for the uniquely generated ID that is given to each affected user. This helps the attackers differentiate between the victims.

The Ransom Note

The 2NEW Ransomware would drop its ransom note on the victim's desktop. The ransom message of the attackers is contained in a document called 'FILES ENCRYPTED.txt.' In the note, there is no mention of the ransom fee, but be sure that the authors of the 2NEW Ransomware will require no less than a few hundred dollars in exchange for the decryption key that is meant to help you recover your data. The authors of the 2NEW Ransomware would like to be contacted via email, and they provide two email addresses where victims can get in touch with them - '2new2crypt@aol.com' and 'new2crypt@aol.com.'

Experts advise against cooperating with cyber crooks like the shady actors behind the 2NEW Ransomware. Such dodgy individuals rarely hold up their end of the bargain, and most users who pay the ransom fee demanded never receive the decryption tool they need to recover their files. It is advisable to invest in a genuine anti-malware tool that will remove this Trojan from your PC securely.