What is Naampa Ransomware?
We are sure you will not be happy about the entrance of Naampa Ransomware because it is one of those malicious applications that enter computers illegally and then immediately lock users’ files without prior notice. The language used by this infection is Russian, so it is believed that it might target users living in Russian-speaking countries primarily. Of course, it does not mean that you are safe if you do not live in any of these countries. We suspect that you are reading this article because you have already become a victim of this ransomware infection. You should take action immediately if we are right – go to uninstall this infection from your computer as soon as possible because its presence might result in the loss of even more files. Naampa Ransomware drops only two files on compromised machines: the ransom note and the .res file, so its removal should not be a very complicated procedure.
What does Naampa Ransomware do?
Crypto-threats like Naampa Ransomware always perform the encryption of files the first thing after successfully entering computers, so we are sure that you will discover your pictures, text files, documents, and other important files encrypted too if you ever encounter this infection. Research has revealed that it uses RSA-2048, a strong encryption algorithm, to lock users’ files. What also distinguishes it from the rest of the ransomware-type infections is the extension it appends to files it locks – .crptd. After encrypting users’ personal files, it drops a ransom note !----README----!.jpg containing a message in Russian. This ransom note tells users why they can no longer open their files and how they can get them back. What users need to do is to send one of the encrypted files and a file key.res to Unlckr@protonmail.com. In case the answer is not received within 24 hours or the reply is corrupt, they should go to download the TOR browser and then open the .onion link provided. This link contains another email – unlckr@protonmail.com. Although users are not told anything about the ransom, there is no doubt that they will be asked to send an indicated amount of money to cyber criminals in exchange for the decryption key, so do not even bother writing an email if you are not going to purchase the decryptor. We really hope that all the users decide not to send money to malware developers because cyber criminals will never stop developing and releasing malicious applications if users let go of their money so easily. Additionally, you should know that you might not get the decryptor even if you send the required money.
Unfortunately, you cannot crack RSA-2048 easily and thus decrypt your files, but you can surely restore your files from a backup. The restoration of files will only be successful if a backup of files is available on an external storage device, e.g. a USB flash drive, or you keep it on some kind of file storage website. It might be impossible to restore files from a backup you have in some kind of folder on your computer because it is very likely that this backup has been encrypted too.
Where does Naampa Ransomware come from?
Spam emails are often employed to spread malicious applications, and we believe that Naampa Ransomware is mainly spread via spam emails as well. Users might find a malicious link in a spam email promoting this infection, or it might travel in them as an attachment. In most cases, these attachments look completely harmless, so we do not find it very surprising that users contribute to the entrance of this malicious application by opening the malicious attachment from the inside of the received spam email. It is a popular distribution method, so other infections might slither onto your computer without your permission once again if you keep opening spam emails and their attachments. We recommend that you stop doing this ASAP and, additionally, enable security software on your computer.
How to delete Naampa Ransomware
You can remove Naampa Ransomware completely by deleting the ransom note and the .res file from %USERPROFILE%\Downloads. In addition, it would be smart to inspect recently downloaded files and remove those that you find quite suspicious. Ransomware infections can also be deleted automatically – you must use a reputable malware remover. Unfortunately, automatic tools are not capable of decrypting users’ personal files either.
Naampa Ransomware removal guide
- Press Win+E to open Explorer.
- Type %USERPROFILE%\Documents in the URL bar and press Enter to open this directory.
- Delete two files: key.res and !----README----!.jpg.
- Check recently downloaded files and delete those suspicious ones.
- Empty the Recycle bin.
100% FREE spyware scan and
tested removal of Naampa Ransomware*
0 Comments.