
Remove NEWS ransomware (Free Guide) - Quick Decryption Solution

by Alice Woods | Type: Ransomware

NEWS ransomware is a file-encrypting virus that spreads via email attachments

NEWS ransomware is a cryptovirus that claims to offer a decryption tool to victims who decide to pay the ransom. It makes files unusable by encrypting them and marks them with the appended pattern .victims'ID-ID.[].NEWS. Once files are encoded and marked with this extension, a ransom note appears on the screen and in some of the folders containing encrypted data. The program window first delivers payment instructions and initial information about the encryption process, so people know what happened.

Then the text file FILES ENCRYPTED.txt tells NEWS ransomware victims what to do next: contact the developers via email addresses and However, that is not the best option, since this is a version of Dharma ransomware, a known threat that is not decryptable from the start. Malicious actors that release new versions of the virus cannot guarantee that the decryption tool is available after the payment, so do not trust them and try to terminate the virus instead of contacting them. Crypto malware can easily damage the machine with additional processes, so the more time it spends on the device, the more issues you need to fix later.

Name: NEWS ransomware
Family: Dharma ransomware
File marker: .NEWS is the extension appended to every encrypted file after the original name and file type extension. The full pattern of the extension includes the email address of the crooks: .victims'ID-ID.[].NEWS
Ransom note: A pop-up window shows up on the screen with instructions and payment options. This program window is, in most cases, named with one of the contact emails. Also, a ransom note in a text file named FILES ENCRYPTED.txt is added to every folder with encoded data and to the desktop. This file includes contact emails and encouragement to contact the criminals for file recovery
Distribution: Sites that include malicious code and email attachments with malicious macros[1] can install either malware that acts as a payload dropper or this cryptovirus directly on the system, without additional interaction or permissions
Contact emails: and
Elimination: Get a professional anti-malware program and remove NEWS ransomware during a full system scan that identifies all the intruders and malicious programs, so it can delete any possible threats
Repair: Ransomware is a powerful infection that interferes with other functions and affects system files behind the user's back, so you should get a PC repair tool or a system program like Reimage Intego that can find virus damage and fix affected files. If you skip that step, your files may get affected again when you try to restore them from the backup
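
An added example, not part of the original guide: a read-only Python inventory that finds files carrying the marker and the FILES ENCRYPTED.txt notes, and maps each encrypted file to the name its clean copy should have when restored from backup. The regular expression assumes the marker layout .id-<8 hex digits>.[<contact email>].NEWS (the page's pattern combined with the ID format shown in the note); the function names and the sample contact address are illustrative.

```python
import re
import sys
from collections import Counter
from pathlib import Path

# Assumed layout: <original name>.id-<8 hex digits>.[<contact email>].NEWS
# (from the page's ".victims'ID-ID.[].NEWS" and the 8-hex-digit ID in the note).
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]]*)\]\.NEWS$"
)
NOTE_NAME = "FILES ENCRYPTED.txt"  # ransom note file name given on the page


def parse_marker(filename):
    """Return (original name, victim ID, contact) for a marked file, else None."""
    m = MARKER.match(filename)
    if not m:
        return None
    return m["original"], m["victim_id"].upper(), m["contact"]


def inventory(root):
    """Walk root without modifying anything and summarise what was hit."""
    report = {"encrypted": [], "notes": [], "victim_ids": Counter(), "unparsed": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == NOTE_NAME.lower():
            report["notes"].append(path)
            continue
        parsed = parse_marker(path.name)
        if parsed:
            original, victim_id, _contact = parsed
            # Second element: where the clean copy from backup belongs.
            report["encrypted"].append((path, path.with_name(original)))
            report["victim_ids"][victim_id] += 1
        elif path.suffix.upper() == ".NEWS":
            # Ends in .NEWS but does not fit the assumed layout: review by hand.
            report["unparsed"].append(path)
    return report


if __name__ == "__main__":
    # Constructed sample name; the contact address is a placeholder.
    print(parse_marker("report.docx.id-1E857D00.[contact@example.invalid].NEWS"))
    result = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for encrypted, restore_to in result["encrypted"]:
        print(f"{encrypted} -> restore as {restore_to}")
    print(f"{len(result['notes'])} ransom notes, IDs: {dict(result['victim_ids'])}")
    print(f"{len(result['unparsed'])} .NEWS files need manual review")
```

More than one victim ID in the output, or files in the manual-review list, suggests a second encryption pass or a different variant and is worth checking before restoring anything.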

NEWS ransomware is a version of the Dharma virus that is known for delivering full instructions with payment options and places where Bitcoins can be purchased. Cryptocurrency extortion is the main aim of the malicious actors behind this threat. However, experts[2] do not recommend paying or even contacting such crooks, especially when it comes to this family.

This particular .[].NEWS ransomware delivers a shorter version of the common note:

Don't worry,you can return all your files!
If you want to restore them, follow this link:email YOUR ID 1E857D00
If you have not been answered via the link within 12 hours, write to us by
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Also, a text file with particular contact emails gets placed in various folders containing NEWS ransomware encrypted files. The particular ransom amount is not determined, so when people contact the criminals, the malicious actors can specify the amount the victim needs to pay for the alleged decryption tool. These crooks may offer test decryption of one or a few files, but that is a method to fake trust between you and the criminals. Don't fall for this scam.

Even though .[].NEWS ransomware aims to get money from people, the encryption process is not the only activity the malware runs on the machine. It starts the attack with file locking and gives victims 12 hours to pay up. During its time on the system, the threat also interferes with settings such as security features or functions that allow file recovery.

The NEWS ransomware removal process may get difficult because of these alterations: the virus is set to disable AV tools, damage the registry, and affect the performance of some applications and programs. When the anti-malware tool that is already on the system cannot work, you may reboot the machine in Safe Mode with Networking and launch an alternate AV tool from an external device, for example.

NEWS ransomware is a threat that derives from the dangerous Dharma virus, which has been known to be undecryptable for many years now. Even when the ransom note from NEWS ransomware developers seems convincing, you should think twice before writing them an email. There are no better options than to get rid of the virus without communication with criminals and recover encrypted data.

There is no easy way to remove NEWS ransomware because a cryptovirus is dangerous and powerful malware that avoids detection[3] and makes the machine run poorly to keep control of files and functions. Your files may get damaged permanently, and you may lose money if you consider paying the ransom as an option. Get a proper AV tool and remove the threat. Then clean the system with Reimage Intego or a similar system tool and rely on data backups to replace affected files with safe copies.

.[].NEWS virus cannot be decrypted because researchers haven't released any tools available for users. It is not common to find decryptable Dharma versions, but you can still store some of the encrypted and malware-related files and wait for a possible decrypter.

This wait may take longer than you think, so NEWS ransomware should be eliminated as soon as possible. Keep in mind that any traces of the virus can affect the system significantly and even launch a secondary encryption. Windows registry, system functions, files, and parts of the device needed for file recovery or virus removal get altered, so the cryptovirus is persistent.

Double-check before adding any new files on the affected device, and make sure to repair the NEWS ransomware virus damage. If you need additional help, check the guide below the article. There are a few options for file restoring too, so check them out.

NEWS ransomware is malware that focuses on file encryption because this is the basis for its ransom demands.

Ransomware comes from spam emails and infected websites

Malicious actors that develop such ransomware threats and other types of more dangerous malware are known for sending emails with malicious attachments or exploiting vulnerabilities of the targeted systems and programs. Criminals spam victims with notifications supposedly coming from companies or services that are popular, so people don't think too much before opening attached files or clicking on included links.

Don't fall for unexpected emails from DHL, FedEx, eBay, or other shipping companies and financial services, especially when the email talks about receipts, financial information, updates on your orders, and so on. You should resist even opening the email, and especially downloading the document or executable file.

Embedded links, malicious website redirects, and infected Word documents with macros can load the ransomware payload directly on the machine, so pay close attention to red flags or simply delete emails you were not expecting to get.

NEWS ransomware file virus needs to get deleted right away, so system damage is affected 

Note that NEWS ransomware virus runs in the background without your knowledge. If you don't recall opening shady attachments or visiting any malicious websites, your device may have been affected for a while now. Additional processes, programs, and files affect the performance and security of the computer.

To remove NEWS ransomware and terminate all the activities, you need to get rid of all the related files and possible malware. When secondary viruses get installed, automatic virus termination is the only way to go. Rely on SpyHunter 5, Combo Cleaner, Malwarebytes, or another anti-malware tool for the job.

Once you have performed a full system scan and proper NEWS ransomware removal, you should get a PC repair utility like Reimage Intego. This program can find and fix damaged files and change settings back to normal without causing additional damage to your machine. Then go through the recovery options below.


To remove NEWS virus, follow these steps:

Remove NEWS using Safe Mode with Networking

To ensure that NEWS ransomware gets eliminated properly, reboot the machine in Safe Mode with Networking before scanning the system with the anti-malware program.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
  • Step 2: Remove NEWS

    Log in to your infected account and start the browser. Download Reimage Intego or another legitimate anti-spyware program. Update it before a full system scan, then remove the malicious files that belong to your ransomware and complete NEWS removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove NEWS using System Restore

System Restore can be a helpful feature for the NEWS ransomware elimination process because it returns the system to a previous state.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of NEWS. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download Reimage Intego, scan your computer with it, and make sure that NEWS removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove NEWS from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by NEWS, you can use several methods to restore them:

Data Recovery Pro is the option for encrypted file restoring

Data Recovery Pro can restore encrypted or accidentally deleted data for you

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by NEWS ransomware;
  • Restore them.

Windows Previous Versions is another feature that can be used in place of the data backups

When you enable System Restore feature, Windows Previous Versions can be used to recover after NEWS ransomware encryption

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer can help with files affected by NEWS ransomware virus

To get files after .[].NEWS ransomware attack back using this method, you need to know that Shadow Volume Copies were left untouched by the threat itself

  • Download Shadow Explorer;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

.[].NEWS is not decryptable

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from NEWS and other ransomware, use a reputable anti-spyware tool, such as Reimage Intego, SpyHunter 5, Combo Cleaner, or Malwarebytes.

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. This is how you bypass some of the authentication factors and can remotely use your banking accounts without triggering suspicion with each login.

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to block the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Back up files for later use, in case of a malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Alice Woods - Likes to teach users about virus prevention
