Noob Ransomware

What is Noob Ransomware?

The ransomware wave shows no sign of subsiding, and Noob Ransomware is the latest threat to your peace and quiet. This ransomware infection is designed to take your money: the program tries to bully you into paying a ransom fee that would supposedly allow you to restore your encrypted files. However, there is no guarantee that the people behind it would issue the necessary decryption key, so you should keep your money to yourself. Remove Noob Ransomware from your system right away by following the manual removal instructions below, and then protect your system from similar intruders.

Where does Noob Ransomware come from?

We cannot indicate the exact distribution source because these ransomware programs tend to travel in spam email attachments. However, we know that Noob Ransomware comes from the same group as CryptoShield Ransomware, Mole Ransomware, and Revenge Ransomware. All these programs belong to the CryptoMix Ransomware family. However, unlike, say, browser hijackers, belonging to the same family does not mean that the same removal and decryption methods can be applied to all the programs in the group. Therefore, it is necessary to find other ways to get rid of this infection and restore your files.

What’s more, it is sometimes a lot easier to avoid getting infected with Noob Ransomware than to work on the removal. The most common ransomware distribution method is spam email, so our researchers think that this program also spreads through spam email attachments. No attachment gets downloaded onto your computer automatically. Users download and open attachments willingly, thinking those files contain important data. That is because the spam emails that distribute those attachments may look like legitimate reports or notices from reliable companies, and the attachment files themselves sometimes look like PDF or MS Word files. However, that is very far from the truth. They only pretend to be document files, while in fact they are often malicious executable files. Once you run one, you automatically install Noob Ransomware on your PC.

What does Noob Ransomware do?

The main thing this infection does is encrypt your files using the RSA encryption algorithm. If your files are encrypted with this algorithm, it is practically impossible to restore them without the individual decryption key. This is exactly what Noob Ransomware uses to push you into paying the ransom. The infection drops a ransom note file in every folder affected by the encryption so that you can acquaint yourself with the conditions:

All your important files were encrypted on this computer.
The server will destroy the key within 78 hours after encryption completed.

To retrieve the private key, you need to  Contact us by email , send us an email your DECRYPT-ID-46caff0b-88d8-4fbf-96aa-2e19a0fa7e4f number

and wait for further instructions.

Although the ransom note does not indicate the ransom amount, you can be sure that it will be hundreds of dollars. That is, provided the people behind this infection write you back. The problem is that there is always a chance that the command and control center goes down because of the shaky server connection. Ransomware creators rely on proxies to maintain their servers, and those proxies could die anytime. As a result, it would be impossible to contact them at all. So paying the money for the decryption key is practically pointless. Not to mention that by paying the money you would only encourage these criminals to continue their criminal activities.

How Do I Remove Noob Ransomware?

It is not difficult to delete this program from your computer. It drops a few files that have to be removed via Registry Editor and then from a few directories on your system. However, the problem is that, most of the time, Noob Ransomware generates these filenames at random, so each infected computer may have files under different names to remove. Thus, the removal might become tedious, and if you want to avoid that, you should invest in a licensed antispyware tool to do the job for you.

As for your files, you should remove the encrypted data and then transfer healthy files back into your computer from an external backup drive or from some other storage where you keep copies of your files. You may also wait for the public decryption tool, but it is a lot faster to restore the files from a backup.

Manual Noob Ransomware Removal

  1. Press Win+R and the Run prompt will open.
  2. Type regedit into the Open box and click OK.
  3. Open HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  4. Right-click and delete the following values on the right pane: 00FF0EBCF2F2 & BC0EBCF2F2.
  5. Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.
  6. On the right, right-click and delete the *BC0EBCF2F2 value.
  7. Close Registry Editor and press Win+R again.
  8. Enter %AppData% and click OK.
  9. Remove the BC0EBCF2F2.exe* file.
  10. Look for the _HELP_INSTRUCTION.TXT files and remove them.

* Do not forget that the filenames could be random.
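
The registry and %AppData% checks from the steps above can be run as a read-only audit before anything is deleted. The following PowerShell is an added example, not part of the original guide; the hex-name pattern and the decision to search the whole user profile for ransom notes are assumptions made for illustration.

```powershell
# Read-only audit: lists candidates for review, deletes nothing.
$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
# Value names given in the removal steps of this guide.
$knownNames = '00FF0EBCF2F2', 'BC0EBCF2F2', '*BC0EBCF2F2'
# Assumption: randomized names keep the same shape (10-12 hex chars, optional leading *).
$hexName = '^\*?[0-9A-F]{10,12}$'
# Autorun data that launches an .exe located directly in %AppData%.
$appDataExe = [regex]::Escape($env:APPDATA) + '\\[^\\"]+\.exe'

function New-Finding($Type, $Location, $Name, $Detail, $Reason) {
    [pscustomobject]@{ Type = $Type; Location = $Location; Name = $Name
                       Detail = $Detail; Reason = $Reason }
}

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    # GetValueNames() returns names literally, so a leading * is not a wildcard.
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        $reason = if ($knownNames -contains $name) {
            'value name listed in the guide'
        } elseif ($name -match $hexName) {
            'hex-like value name'
        } elseif ($data -match $appDataExe) {
            'starts an .exe from the %AppData% root'
        }
        if ($reason) { New-Finding 'Autorun' $key $name $data $reason }
    }
})

# Executables directly in %AppData%; the guide names BC0EBCF2F2.exe, but the name may differ.
$findings += @(Get-ChildItem -LiteralPath $env:APPDATA -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    ForEach-Object { New-Finding 'File' $_.DirectoryName $_.Name $_.LastWriteTime '.exe in the %AppData% root' })

# Ransom notes; searching the whole user profile is an assumption of this example.
$findings += @(Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '_HELP_INSTRUCTION.TXT' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { New-Finding 'Note' $_.DirectoryName $_.Name $_.LastWriteTime 'ransom note filename' })

$findings | Format-Table -AutoSize -Wrap
```

Entries flagged only by the hex-name or %AppData% heuristics are candidates to review, not confirmed infection artifacts.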


