Nood ransomware (virus) - Free Instructions

Nood virus Removal Guide

What is Nood ransomware?

Nood ransomware – a dangerous virus that can leave you without your files

Nood ransomware

Nood ransomware is a type of malicious software engineered to infiltrate computers and encrypt various personal files, such as photos, videos, and documents. These files become inaccessible once encrypted, marked by the “.nood” extension, and lose their original icons. Trying to open these files will lead to an error message, indicating the files are no longer recognizable.

This ransomware employs the sophisticated RSA encryption method to secure the files, with the decryption keys stored away on the hackers' servers. Victims are then confronted with ransom demands, typically asking for payments between $499 and $999 in Bitcoin. The attackers offer contact through specific email addresses for payment or negotiation purposes: and

The Nood ransomware is part of the expansive Djvu ransomware family, known for its creation of over 600 unique variants, including others like Cdtt and Ndhy. This document will explore methods to combat the malware infection and consider alternatives for recovering the encrypted files, aiming to avoid giving in to the cybercriminals' monetary demands.

Name Nood virus
Type Ransomware, file-locking malware
File extension .nood extension appended to all personal files, rendering them useless
Family Djvu
Ransom note _readme.txt dropped at every location where encrypted files are located
Contact and
File Recovery There is no guaranteed way to recover locked files without backups. Other options include paying cybercriminals (not recommended, might also lose the paid money), using Emisoft's decryptor (works for a limited number of victims), or using third-party recovery software
Malware removal After disconnecting the computer from the network and the internet, do a complete system scan using the SpyHunter 5Combo Cleaner security program
System fix Upon installation, malware can cause severe damage to system files, resulting in instability issues such as crashes and errors. However, FortectIntego PC repair can automatically fix any such damage

How hackers try to convince victims to pay

A ransom note is one of the main components for cybercriminals when it comes to money extortion. Not only does it explain what happened to users' files, but it also attempts to manipulate into paying the ransom, also providing means for communication, as without them the payments would not be possible. If you have been infected with the Nood virus, you can expect the following text note to show up on your desktop:


Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted
with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that's price for you is $499.
Please note that you'll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

This note is designed to instill fear and urgency in victims, urging them to comply with the ransom demand. It underscores the encryption's supposed impenetrability, citing the “strongest encryption and unique key” as barriers to file recovery without their assistance. A semblance of a guarantee is extended by offering to decrypt one file for free, demonstrating their control over the situation.

Additionally, a video link is purportedly provided to display the decryption tool in use, reinforcing their ability to unlock the encrypted files. The ransom is set at $999, with a 50% discount for those who initiate contact within the first 72 hours, pressuring victims to act quickly.

The note finishes with contact instructions and a caution to check the email's Spam or Junk folder if a reply isn't received promptly, hinting at a desire to keep the communication lines open to facilitate payment. The provision of a backup email suggests the perpetrators' foresight in maintaining contact despite potential disruptions, emphasizing the meticulous planning and high-pressure tactics characteristic of the Nood ransomware operation.

Nood ransomware virus

How Djvu variants spread

The entry of Nood ransomware into computer systems usually takes place through deceptive tactics. Commonly, it's an executable file, labeled as '.exe', that serves as the Trojan horse. This file may be hidden inside a ZIP folder, embedded within a macro in Microsoft Office documents, or disguised as an innocuous attachment. Such strategies are deliberately employed by cybercriminals to facilitate the ransomware's spread across a wide array of platforms and targets.

Pirated software also stands as a significant entry point for this ransomware. Torrent websites and peer-to-peer file-sharing networks, known for their lax oversight, serve as fertile grounds for the dissemination of malicious software. These unmonitored and unregulated channels allow cybercriminals to distribute malware with ease. This approach is notably favored by the architects behind the Djvu ransomware family, which includes Nood ransomware.

Furthermore, the virus can infiltrate systems through more secretive avenues, such as trojans or worms, which can enter unnoticed. These stealthy incursions often elude detection, highlighting the need for vigilant security measures. Deploying comprehensive anti-malware solutions and security programs can provide a critical defense layer, carefully examining email attachments and software downloads for any signs of danger.

It's essential to acknowledge that a significant portion of online downloads are laced with malicious intent, skillfully hidden to bypass detection, even by experts. Malicious elements are not always apparent through basic checks, such as verifying file sizes. Therefore, maintaining a high degree of caution and conducting thorough examinations is crucial to avoid falling prey to threats like Nood ransomware.

How to remove the virus from your system

Discovering that your personal files have been encrypted by Nood ransomware is distressing. This ransomware specifically targets a wide range of personal data, including irreplaceable photos and crucial documents, leveraging the significant emotional and practical value these files hold. However, succumbing to the demands of these cybercriminals should not be your first course of action. Here are some steps to consider instead.

Firstly, remove the ransomware from your system. Although the ransomware may self-delete after encrypting your files, it could have spread additional harmful payloads that still pose a risk. Utilize comprehensive anti-malware software like SpyHunter 5Combo Cleaner or Malwarebytes to thoroughly cleanse your system of the ransomware and any hidden malicious elements.

If the ransomware prevents the removal tools from functioning properly, try running the scan in Safe Mode. This environment is better suited for dealing with malware issues.

After clearing your system of the ransomware, you might encounter operational issues like crashes or errors, which are aftereffects of the ransomware's damage. To address these, use a reliable PC repair tool FortectIntego. Such tools can fix system problems efficiently, avoiding the complexity and time consumption of a full Windows reinstall.

Data recovery possibilities

After successfully removing the Nood ransomware and any associated threats from your system, the next step is to focus on the recovery of your data. It's essential to ensure that all traces of malware are eradicated to prevent further data loss or another encryption attack.

Misconceptions about ransomware are widespread, particularly regarding the nature of the encryption it employs and the operation of such malicious software. Many victims mistakenly believe that running security scans or engaging in manual fixes, such as renaming files, will reverse the encryption. However, the challenge is significantly more intricate.

The encryption technique utilized by ransomware like Nood is based on sophisticated algorithms that generate nearly unbreakable encryption keys. Merely eliminating the ransomware does not revert the encryption; the affected files stay locked and unreachable without the specific decryption key, which the attackers closely guard.

Ransomware operates by assigning a unique identifier and encryption key to each encrypted file, details that are then sent back to the attackers. This process ensures that the cybercriminals have all they require to produce a decryption key, effectively holding the victim's data hostage. The primary aim is to exploit the victim's dire situation for monetary gain, making ransomware a profitable business for cybercriminal organizations.

Although paying the ransom might appear to be a straightforward way out, we advocate for considering alternative recovery options. Before you try any recovery strategies, it's wise to back up the encrypted files to mitigate the risk of additional loss.

One such recovery solution is the use of a decryption utility from Emsisoft, though its success heavily depends on the specific ransomware variant and several other factors.

  • Download the app from the official Emsisoft website.Nood ransomware
  • After pressing Download button, a small pop-up at the bottom, titled decrypt_STOPDjvu.exe should show up – click it.
    Nood ransomware
  • If User Account Control (UAC) message shows up, press Yes.
  • Agree to License Terms by pressing Yes.
    Nood ransomware
  • After Disclaimer shows up, press OK.
  • The tool should automatically populate the affected folders, although you can also do it by pressing Add folder at the bottom.
    Nood ransomware
  • Press Decrypt.
    Nood ransomware

From here, there are three available outcomes:

  1. Decrypted!” will be shown under files that were decrypted successfully – they are now usable again.
  2. Error: Unable to decrypt file with ID:” means that the keys for this version of the virus have not yet been retrieved, so you should try later.
  3. This ID appears to be an online ID, decryption is impossible” – you are unable to decrypt files with this tool.

If your data was encrypted with an online ID, Emsisoft's tool won't work. In such a case, we recommend trying specialized data recovery software instead.

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
    Nood ransomware
  • Follow on-screen instructions to install the software.
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders which you want the files to be recovered from.Select what to recover
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.Scan
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.

Check out the instructions below for more tips and troubleshooting.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Nood virus. Follow these steps

Restore Windows "hosts" file to its original state

Some ransomware might modify Windows hosts file in order to prevent users from accessing certain websites online. For example, Djvu ransomware variants add dozens of entries containing URLs of security-related websites, such as Each of the entries means that users will not be able to access the listed web addresses and will receive an error instead.

Here's an example of “hosts” file entries that were injected by ransomware:

Hosts file

In order to restore your ability to access all websites without restrictions, you should either delete the file (Windows will automatically recreate it) or remove all the malware-created entries. If you have never touched the “hosts” file before, you should simply delete it by marking it and pressing Shift + Del on your keyboard. For that, navigate to the following location:


Delete Windows "hosts" file

Create data backups to avoid file loss in the future

One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.

Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:

  • Backup on a physical external drive, such as a USB flash drive or external HDD.
  • Use cloud storage services.

The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.

Using Microsoft OneDrive

OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:

  1. Click on the OneDrive icon within your system tray.
  2. Select Help & Settings > Settings.
    Go to OneDrive settings
  3. If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
    Add OneDrive account
  4. Once done, move to the Backup tab and click Manage backup.
    Manage backup
  5. Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
  6. Press Start backup.
    Pick which folders to sync

After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).

Using Google Drive

Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.

You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.

  1. Download the Google Drive app installer and click on it.
    Install Google Drive app
  2. Wait a few seconds for it to be installed. Complete installation
  3. Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
    Google Drive Sign in
  4. Click Get Started. Backup and sync
  5. Enter all the required information – your email/phone, and password. Enter email/phone
  6. Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
  7. Once done, pick Next. Choose what to sync
  8. Now you can select to sync items to be visible on your computer.
  9. Finally, press Start and wait till the sync is complete. Your files are now being backed up.

Report the incident to your local authorities

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

How to prevent from getting ransomware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions