NEWS ransomware

NEWS ransomware is the file-encrypting virus that spreads infection via email attachments 

NEWS ransomware is a cryptovirus that claims to offer a decryption tool to victims who decide to pay the ransom. It makes files unusable by encrypting them and marks them with an appended extension in the pattern .victims’ID-ID.[[email protected]].NEWS. Once files are encoded and marked with this extension, a ransom note appears on the screen and in some of the folders containing encrypted data. The program window first delivers payment instructions and initial information about the encryption process, so people know what happened.

Then the text file FILES ENCRYPTED.txt tells victims of the NEWS ransomware virus what to do next: contact the developers via the email addresses [email protected] and [email protected]. However, that is not the best option, since this is a version of Dharma ransomware, a known threat that is not decryptable from the start. Malicious actors that release new versions of the virus cannot guarantee that the decryption tool is available after the payment, so do not trust them and try to terminate the virus instead of contacting them. Crypto malware can easily damage the machine with additional processes, so the more time it spends on the device, the more issues you need to fix later.

Name: NEWS ransomware
Family: Dharma ransomware
File marker: .NEWS is the extension appended to every encrypted file after the original name and file type extension. The full pattern of the extension includes the email address of the crooks: .victims’ID-ID.[[email protected]].NEWS
Ransom note: A pop-up window shows up on the screen with instructions and payment options. This program window is, in most cases, named with one of the contact emails. A ransom note in a text file named FILES ENCRYPTED.txt is also added to every folder with encoded data and to the desktop. This file includes contact emails and encouragement to contact the criminals for file recovery
Distribution: Sites that include malicious code and files attached to emails with malicious macros[1] can install either malware that acts as a payload dropper or this cryptovirus directly on the system, without additional interaction or permissions
Contact emails: [email protected] and [email protected]
Elimination: Get a professional anti-malware program and remove NEWS ransomware with a full system scan that identifies all the intruders and malicious programs, so it can delete any possible threats
Repair: Ransomware is a powerful infection that interferes with other functions and affects system files behind the user’s back, so you should get a PC repair tool or a system program like Reimage Reimage Cleaner that can find virus damage and fix affected files. If you skip that step, your files may get affected again when you try to restore them from the backup
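
A defender-side triage sketch for the file marker and ransom note described above, added here and not part of the original article: it parses the appended marker to recover original file names and lists folders holding FILES ENCRYPTED.txt, so the set of files to restore from backup can be scoped. The `id-` prefix, the placeholder contact address and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile
from collections import Counter

# Marker layout from the article: <name>.<victim ID part>.[<contact>].NEWS
# Assumption: the ID part contains no dots or brackets (e.g. "id-1E857D00").
MARKER = re.compile(
    r"^(?P<original>.+)\.(?P<victim_id>[^.\[\]]+)\.\[(?P<contact>[^\]]+)\]\.NEWS$",
    re.IGNORECASE,
)
NOTE_NAME = "FILES ENCRYPTED.txt"  # ransom note file name given in the article

def parse_marker(filename):
    """Return (original_name, victim_id, contact), or None if not marked."""
    m = MARKER.match(filename)
    return (m["original"], m["victim_id"], m["contact"]) if m else None

def inventory(root):
    """Walk root and collect marked files, ransom-note folders and ID counts."""
    report = {"encrypted": [], "note_dirs": [], "ids": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME.lower():
                report["note_dirs"].append(dirpath)
                continue
            parsed = parse_marker(name)
            if parsed:
                original, victim_id, _contact = parsed
                report["encrypted"].append((os.path.join(dirpath, name), original))
                report["ids"][victim_id] += 1
    return report

def demo():
    """Scan a constructed sample tree (empty files, placeholder contact)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("report.docx.id-1E857D00.[contact@example.invalid].NEWS",
                     "photo.jpg.id-1E857D00.[contact@example.invalid].NEWS",
                     "untouched.txt", NOTE_NAME):
            open(os.path.join(docs, name), "w").close()
        rep = inventory(root)
        originals = sorted(orig for _path, orig in rep["encrypted"])
        return originals, len(rep["note_dirs"]), dict(rep["ids"])

if __name__ == "__main__":
    print(demo())
```

Run `inventory()` read-only against a mounted copy or image of the affected disk rather than the live system, and compare the recovered original names with your backup catalogue.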

NEWS ransomware is a version of the Dharma virus that is known for delivering full instructions with payment options and places where Bitcoins can be purchased. Cryptocurrency extortion is the main aim of the malicious actors behind this threat. However, experts[2] do not recommend paying or even contacting such crooks, especially when it comes to this family.

This particular .[[email protected]].NEWS ransomware delivers a shorter version of the common note:

Don’t worry,you can return all your files!
If you want to restore them, follow this link:email [email protected] YOUR ID 1E857D00
If you have not been answered via the link within 12 hours, write to us by e-mail:[email protected]
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Also, a text file with particular contact emails gets placed in various folders containing files encrypted by NEWS ransomware. The ransom amount is not stated in advance, so when people contact the criminals, the malicious actors can specify the amount the victim needs to pay for the alleged decryption tool. These crooks may offer test decryption of one or a few files, but that is a method of building false trust between you and the criminals. Don’t fall for this scam.

Even though .[[email protected]].NEWS ransomware aims to get money from people, the encryption process is not the only activity the malware runs on the machine. It starts the attack with file locking and gives victims 12 hours to pay up. During its time on the system, the threat also interferes with settings such as security features or functions that allow file recovery.

The NEWS ransomware removal process may be difficult because of these alterations: the virus is set to disable AV tools, damage the registry, and affect the performance of some applications and programs. When the anti-malware tool that is already on the system cannot work, you may reboot the machine in Safe Mode with Networking and launch an alternate AV tool from an external device, for example.

NEWS ransomware – a threat that derives from a dangerous Dharma virus that is known to be undecryptable for many years now.

Even when the ransom note from NEWS ransomware developers seems convincing, you should think twice before writing them an email. There is no better option than to get rid of the virus without communicating with the criminals and then recover the encrypted data.

There is no easy way to remove NEWS ransomware because a cryptovirus is dangerous and powerful malware that avoids detection[3] and makes the machine run poorly to keep control of files and functions. Your files may get damaged permanently, and you may lose money if you consider paying the ransom as an option. Get a proper AV tool and remove the threat. Then clean the system with Reimage Reimage Cleaner or a similar system tool and rely on data backups to replace affected files with safe copies.

.[[email protected]].NEWS virus cannot be decrypted because researchers haven’t released any tools for users. It is not common to find decryptable Dharma versions, but you can still store some of the encrypted and malware-related files and wait for a possible decrypter.

This wait may take longer than you think, so NEWS ransomware should be eliminated as soon as possible. Keep in mind that any traces of the virus can affect the system significantly and even launch a secondary encryption. The Windows registry, system functions, files, and parts of the device needed for file recovery or virus removal get altered, so the cryptovirus is persistent.

Double-check before adding any new files to the affected device, and make sure to repair the NEWS ransomware virus damage. If you need additional help, check the guide below the article. There are a few options for file restoring too, so check them out.

NEWS ransomware is a malware that focuses on file-encrypting because this is the reason for ransom demands.

Ransomware comes from spam emails and infected websites

Malicious actors that develop such ransomware threats and other types of more dangerous malware are known for sending emails with malicious attachments or exploiting vulnerabilities of the targeted systems and programs. Criminals spam victims with notifications supposedly coming from companies or services that are popular, so people don’t think too much before opening attached files or clicking on included links.

Don’t fall for unexpected emails from DHL, FedEx, eBay, and other shipping companies or financial services, especially when the email mentions receipts, financial information, updates on your orders, and so on. You should resist even opening the email, and especially downloading the document or executable file.

Embedded links, malicious website redirects, and infected Word documents with macros can load the ransomware payload directly onto the machine, so pay close attention to red flags or simply delete emails you were not expecting to get.

NEWS ransomware file virus needs to get deleted right away, so system damage is affected 

Note that NEWS ransomware virus runs in the background without your knowledge. If you don’t recall opening shady attachments or visiting any malicious websites, your device may have been affected for a while now. Additional processes, programs, and files affect the performance and security of the computer.

To remove NEWS ransomware and terminate all the activities, you need to get rid of all the related files and possible malware. When secondary viruses get installed, automatic virus termination is the only way to go. Rely on SpyHunter 5Combo Cleaner, Malwarebytes, or another anti-malware tool for the job.

Once you have performed a full system scan and proper NEWS ransomware removal, you should get a PC repair utility like Reimage Reimage Cleaner. This program can find and fix damaged files and change settings back to normal without causing additional damage to your machine. Then go through the recovery options below.

Reimage Reimage Cleaner has a free limited scanner. Reimage Reimage Cleaner offers a more thorough scan when you purchase its full version. When the free scanner detects issues, you can fix them using free manual repairs, or you can decide to purchase the full version in order to fix them automatically.

Remove NEWS using Safe Mode with Networking

To ensure that NEWS ransomware gets eliminated properly, reboot the machine in Safe Mode with Networking before scanning the system with the anti-malware program.

  • Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

  • Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.

  • Log in to your infected account and start the browser. Download Reimage Reimage Cleaner or another legitimate anti-spyware program. Update it before a full system scan, then remove the malicious files that belong to the ransomware to complete NEWS removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove NEWS using System Restore

System Restore can be a helpful feature for the NEWS ransomware elimination process because it returns the system to a previous state.

Bonus: Recover your data

The guide presented above is supposed to help you remove NEWS from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by NEWS, you can use several methods to restore them:

Data Recovery Pro is the option for encrypted file restoring

Data Recovery Pro can restore encrypted or accidentally deleted data for you

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by NEWS ransomware;
  • Restore them.

Windows Previous Versions is another feature that can be used in place of the data backups

When the System Restore feature is enabled, Windows Previous Versions can be used to recover after NEWS ransomware encryption

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer can help with files affected by NEWS ransomware virus

To get files back after a .[[email protected]].NEWS ransomware attack using this method, the Shadow Volume Copies must have been left untouched by the threat itself

  • Download Shadow Explorer;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

.[[email protected]].NEWS is not decryptable

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from NEWS and other ransomware, use a reputable anti-spyware program, such as Reimage Reimage Cleaner, SpyHunter 5Combo Cleaner or Malwarebytes.

This entry was posted on 2020-02-07 at 03:39 and is filed under Ransomware, Viruses.