NEWS ransomware is the file-encrypting virus that spreads infection via email attachments

Then the text file FILES ENCRYPTED.txt informs NEWS ransomware virus victims what to do further – contact the developers via email addresses notgoodnews@tutanota.com and notgoodnews@cock.li. However, that is not the best option since this is a version of Dharma ransomware – a known threat that is not decryptable from the start. Malicious actors that release new versions of the virus cannot guarantee that the decryption tool is available after the payment, so do not trust them and try to terminate the virus instead of contacting them. Crypto malware can easily damage the machine with additional processes, so the more time it gets on the device the more issues you need to fix later.
| Name | NEWS ransomware |
|---|---|
| Family | Dharma ransomware |
| File marker | .NEWS is the appendix that appears on every encrypted file after the original name and file type extension. The full pattern of the extension includes the email address of the crooks – .victims'ID-ID.[notgoodnews@tutanota.com].NEWS |
| Ransom note | The pop-up window shows up on the screen with instructions and payment options. This program window, in most cases, is named with one of the contact emails. Also, a ransom note in the text file named FILES ENCRYPTED.txt is added on every folder with encoded data and on the desktop. This file includes contact emails and encouragement to contact criminals for file recovery |
| Distribution | Sites that include malicious code, files loaded on the emails with malicious macros[1] all can install either the malware that acts as a payload dropper or this cryptovirus directly on the system without additional interaction or permissions |
| Contact emails | notgoodnews@tutanota.com and notgoodnews@cock.li |
| Elimination | Get a professional anti-malware program and remove NEWS ransomware during a full system scan that indicates all the intruders and malicious programs, so it can delete any possible threats |
| Repair | Ransomware is a powerful infection that interferes with other functions and affects system files behind the user's back, so you should get a PC repair tool or a system program like FortectIntego that can find virus damage and fix affected files. If you skip that step, your files may get affected again when you try to repair them from the backup |
NEWS ransomware is the version of the Dharma virus that is known for delivering full instructions with payment options and places where Bitcoins can get purchased. Cryptocurrency extortion is the main aim of the malicious actors behind this threat. However, experts[2] do not recommend paying or even contacting such crook,s especially when it comes to this family.
This particular .[notgoodnews@tutanota.com].NEWS ransomware delivers a shorter version of the common note:
YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email notgoodnews@tutanota.com YOUR ID 1E857D00
If you have not been answered via the link within 12 hours, write to us by e-mail:notgoodnews@cock.li
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Also, a text file with particular contact emails gets placed in various folders containing NEWS ransomware encrypted files. The particular ransom amount is not determined, so when people contact the criminals, malicious actors can specify the amount the victim needs to pay for the alleged decryption tool. These crooks may offer test decryption of one or a few files, but that is the method to fake trust between you and criminals. Don't fall for this scam.
Even though .[notgoodnews@tutanota.com].NEWS ransomware aims to get money from people the encryption process is not the only activity malware runs on the machine. It starts the attack with file locking and gives 12 hours for victims to pay up. During the time on the system, threat also interferes with such settings, like security features or functions that allow file recovery to happen.
NEWS ransomware removal process may get difficult because of these alterations because the virus is set to disable AV tools, damage registry, and affect the performance of some of the applications and programs. When the anti-malware tool that already is on the system cannot work, you may reboot the machine in Safe Mode with Networking and launch the alternate AV tool from an external device, for example. 
There is no easy way to remove NEWS ransomware because cryptovirus is a dangerous and powerful malware that avoids detection[3] and makes the machine running poorly to keep the control of files and functions. Your files may bet damaged permanently and you may lose money of you consider paying the ransom as an option. Get a proper AV tool and remove the threat. Then clean the system with FortectIntego or a similar system tool and rely on data backups to replace affected files with safe copies.
.[notgoodnews@tutanota.com].NEWS virus cannot be decrypted because researchers haven't released any tools available for users. It is not common to find decryptable Dharma versions, but you can still store some of the encrypted and malware-related files and wait for possible decrypter.
This wait may take longer than you think, so NEWS ransomware should be eliminated as soon as possible. Remember to keep in mind that any traces of the virus can affect the system significantly and even launch the secondary encryption. Windows registry, system functions, files, and parts of the device needed for file recovery or virus removal get altered, so the cryptovirus is persistent.
Double-check before adding any new files on the affected device, and make sure to repair the NEWS ransomware virus damage. If you need additional help, check the guide below the article. There are a few options for file restoring too, so check them out. 
Ransomware comes from spam emails and infected websites
Malicious actors that develop such ransomware threats and other types of more dangerous malware are known for sending emails with malicious attachments or exploiting vulnerabilities of the targeted systems and programs. Criminals spam victims with notifications supposedly coming from companies or services that are popular, so people don't think too much before opening attached files or clicking on included links.
Don't fall for unexpected emails from DHL, FedEx, or eBay and other shipping companies, financial services. Especially when the email states about receipts, financial information, updates on your orders, and so on. You should resist even opening the email, especially downloading the document or executable file.
Embedded links, malicious website redirects, infected word documents with macros can load the payload of ransomware directly on the machine, so pay close attention to red flags or simply delete emails you were not expecting to get.
NEWS ransomware file virus needs to get deleted right away, so system damage is affected
Note that NEWS ransomware virus runs in the background without your knowledge. If you don't recall opening shady attachments or visiting any malicious websites, your device may have been affected for a while now. Additional processes, programs, and files affect the performance and security of the computer.
To remove NEWS ransomware and terminate all the activities, you need to get rid of all the related files and possible malware. When secondary viruses get installed, automatic virus termination is the only way to go. Rely on SpyHunterCombo Cleaner, MalwarebytesMalwarebytes, or another anti-malware tool for the job.
When you performed a full system scan and proper NEWS ransomware removal, you should get a PC repair utility like FortectIntego. This program can find and fix damaged files, change settings back to normal without causing additional damage to your machine. Then go through the recovery options below.
Was this guide helpful?
Be the first to comment