Computer users have reported the NoobCrypt Ransomware infections, an encryption ransomware Trojan that uses an attack that is fairly typical of these kinds of infections. The NoobCrypt Ransomware uses an asymmetric encryption method to take the victim's files hostage, encrypting them and making them useless without the decryption key. After encrypting the victim's files, the NoobCrypt Ransomware drops image files containing a ransom note, which instructs the victim on what has happened and how to pay the ransom.
Table of Contents
How the NoobCrypt Ransomware Infection Works
The NoobCrypt Ransomware ransom note informs the victim about the files that were encrypted and the amount and method of payment. The NoobCrypt Ransomware's ransom note claims that an asymmetric cryptography was used to encrypt the victim's files, meaning that a private key stored on the Command and Control servers is necessary for the decryption. To obtain this key, victims of the NoobCrypt Ransomware are instructed to pay $299 USD. If this ransom is not paid before 48 hours are up, the NoobCrypt Ransomware claims that the key will be deleted, making file recovery impossible. The NoobCrypt Ransomware demands that using BitCoin, an anonymous cryptocurrency, should make the payment of the ransom. The NoobCrypt Ransomware message also claims that some of the victim's files will be deleted every two hours, in a further attempt to scare the victim into paying as soon as possible. However, these claims aren't true, and the con artists responsible for the NoobCrypt Ransomware attack do not follow up on their threat of deleting the victim's files. Most importantly, there is a hard-coded decryption key that victims of the NoobCrypt Ransomware infection can use to recover from the NoobCrypt Ransomware attack easily.
Recovering from the NoobCrypt Ransomware Attack and Preventing Future Infections
It is possible to recover from the NoobCrypt Ransomware infection by using the recovery key 'ZdZ8EcvP95ki6NWR2j,' which is hard-coded into the NoobCrypt Ransomware. Since this key is available, it is not necessary to pay the ransom to recover from the NoobCrypt Ransomware attack. In most situations, it may not be attainable to recover from attacks like the NoobCrypt Ransomware, since files encrypted using these algorithms will become inaccessible. Most importantly, even if the computer users pay the ransom, it is very common for the con artists to ignore the payment and refuse to help the victim to recover the encrypted files. Because of this, computer users should use preventive measures to ensure that the NoobCrypt Ransomware and similar threats do not enter a computer, and backup all files in case an encryption ransomware Trojan that does not have an easy recovery method like the NoobCrypt Ransomware infects their computers.
The Threat Contained on the NoobCrypt Ransomware’s Ransom Note
The following is the ransom note that has been linked to the NoobCrypt Ransomware attacks:
'Your personal files are encrypted!
Coded in R0MANIA
Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
You have 48 hours to pay 250 NZD in Bitcoins to get the decryption key. Every 2 hours files will be deleted. Increasing in amount every time frame.
If you do not send money within provided timeframe you files will be permanently cryptic and no one will be able to recover them.
In order to pay use a phone of a laptop!'
These models of ransom notes are becoming increasingly common and, unlike the NoobCrypt Ransomware, there may not be any way to recover the encrypted files without access to the decryption key. The following are some preventive measures you can take to avoid becoming a victim of these infections:
- Backup all important files using an off-site memory device.
- Avoid opening email attachments and embedded links in unsolicited email messages.
- Use an anti-malware program that is fully up-to-date to protect your computer.