
NoobCrypt Ransomware

Posted: July 25, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 1
First Seen: July 25, 2016
OS(es) Affected: Windows


The NoobCrypt Ransomware is a Trojan that encrypts your files before displaying a ransom note with the intention of 'selling' its decryption service to you. Notable oversights in the NoobCrypt Ransomware's code make free data retrieval particularly probable. Besides taking advantage of those oversights, malware experts recommend keeping recent backups for counteracting any attacks associated with this Trojan, which may also delete content periodically. Remove the NoobCrypt Ransomware with your anti-malware products as soon as possible after observing its symptoms, such as its ransom message.

Digital Ransoms Arising from Eastern Europe

While Russia, China, and Western Europe are regions often traced back to either developing or being targeted by a variety of ransomware-style campaigns, other areas of the world are implicated less often. It's even rarer for a Trojan to announce its origins outright, as the NoobCrypt Ransomware does. Although the NoobCrypt Ransomware is mostly a traditional file encryptor, its ransom page includes several unusual traits, such as telling its victims of its supposedly Romanian origins.

The NoobCrypt Ransomware is built on .NET code, with some of its major components borrowed from other threat campaigns. After its installation through still-unknown vectors, the NoobCrypt Ransomware scans for content including images and popular document formats, while excluding essential components of your operating system. The NoobCrypt Ransomware then displays a ransom-themed Web page, which was taken from previous threat campaigns and slightly modified.

While the NoobCrypt Ransomware includes a countdown until it routinely deletes files on your PC, malware experts have seen no evidence of the NoobCrypt Ransomware deleting Shadow Copy data, which is default backup information stored by Windows. Most meaningfully, the NoobCrypt Ransomware uses a static decryption key: the 'ZdZ8EcvP95ki6NWR2j' string. There is, therefore, no pressing reason to pay its ransom.

Finding out Who's the Real Noob in Threats

The NoobCrypt Ransomware gets its name from a minor change in its ransom page that insults its victims with 'noob' whenever they use an incorrect ransom code. Short for 'newbie' in gaming slang, this phrase is perhaps more applicable to its developers, who failed to delete local backups or undertake any decryption key randomization. While new samples of the NoobCrypt Ransomware may receive updates that change these facts, the current version of the NoobCrypt Ransomware available is a notably amateurish program.

However, the NoobCrypt Ransomware's existence also points to the easy availability of threat code to developers with little or no experience or industry ties. Most Trojans of the same category as the NoobCrypt Ransomware take greater steps than this Trojan with regard to blocking or erasing data, which places more urgency on their victims taking proper precautions. E-mail continues to be the favorite installation method for most file encryption Trojans, although malware experts also see them occasionally using other infiltration routes.

Whether you decrypt your data freely or use backups to bypass the encryption outright, always use an anti-malware tool to uninstall the NoobCrypt Ransomware. If you experience issues with software accessibility, as is common with most lockscreen-based Trojans, you should reboot via Safe Mode or a removable drive. Perhaps most importantly of all, as long as you don't panic, the NoobCrypt Ransomware's chances of causing any harm to either your files or your finances are slim.
