Home Malware Programs Ransomware Noos Ransomware

Noos Ransomware

Posted: October 3, 2019

The Noos Ransomware is a file-locking Trojan that uses encryption as a means of locking your computer's files. The family of the STOP Ransomware uses secure encryption, in most cases, and includes local backup-deleting functionality. Users can back up their work on other devices for its safety and depend on anti-malware tools for removing the Noos Ransomware.

From Asia to Africa with Equal-Opportunity Extortionists

Another version of the STOP Ransomware is as expected as daily sun or rain, but most variants that malware researchers track find their way to various regions of Southeast Asia. Although this pattern is a well-maintained one across subtypes like the Kvag Ransomware, the geraramCetori Ransomware, and the Lotej Ransomware, there are exceptions. For instance, the Noos Ransomware is circulating simultaneously in both Asia and Africa.

The Noos Ransomware is one of the newest builds of the STOP Ransomware, at 168, making it two versions ahead of the almost-equally-recent Nesa Ransomware. It runs an encryption routine with both AES and RSA algorithms for locking files and securing them against unlockers or decryptors. Users should have few issues with identifying unusable media, due to the changes to filename extensions, which are characteristic of most encryption-using Trojans.

Users should expect the Noos Ransomware infections, also, wiping the Restore Point information, which is a well-known trait of this family (and most Ransomware-as-a-Services). Even if media files aren't a consideration, this family has limited threat-downloading potential, encompassing spyware that can collect credentials. As such, the Noos Ransomware always should be responded to as a threat – even if you don't care what happens to your local files.

Ending a Cross-Continent Trojan Trip

Although multiples of file-locker Trojans would be an exercise in redundancy, such appears the case with some the Noos Ransomware infections. Victims are reporting symptoms that correspond to the symptoms of another Trojan of the same class, possibly, also of the STOP Ransomware family. This unusual attack could be a coincidence of one user encountering multiple infection exploits, or a for-hire Trojan downloader or Exploit Kit running more than one download.

Recovering files from a STOP Ransomware infection is a relatively rare event. Users who, somehow, prevent the Trojan from contacting its server can force it into an encryption method with a higher chance of reverse-engineering solutions. Malware experts strongly discourage placing any hope in this means of acquiring a decryptor or paying the ransom. Backups, if securely stored, can provide impenetrable protection for any user's files.

As another layer of protection, active anti-malware products will remove most file-locking Trojans, such as members of the STOP Ransomware. Detection rates currently suggest that most reputable services should delete the Noos Ransomware before it even infects the PC. There's a lot of room between Indonesia and Nigeria, but Trojans like the Noos Ransomware can move at the speed of the Internet.

Related Posts

Loading...