Newht Ransomware

Newht Ransomware is a malicious application which might slither onto your computer one day and encrypt your files. Specialists working at pcthreat.com (they have tested this infection) have revealed that it has been developed using the source code of Hidden Tear, an open source ransomware, so it could have been created for testing/educational purposes primarily too. It seems that nothing has changed since its first release – Newht Ransomware is still not spread actively. Actually, it does not even demand a ransom like other ransomware infections do. Although it does not ask users to transfer money for the decryption key and does not provide any information about the decryption of files, it does not miss a chance to encrypt files, so those users who ever encounter this infection and get their files encrypted might not be able to get any of them back even if they are ready to make a payment in exchange for the decryption key. No matter Newht Ransomware has encrypted files or not, uninstall it without any hesitation if it is active on your computer. The infection rate of Newht Ransomware is low, but we have still prepared the manual removal guide – find it below the article – in case there are users who detect this ransomware-type infection on their systems.

Newht Ransomware is a typical ransomware infection, so it should encrypt files it finds on users’ computers. Specifically speaking, it should lock files with .ppt, .jpg, .png, .csv, .sql, .php, .xml, .pdf, and other popular filename extensions. It finds and encrypts those files no matter where they are located. Researchers have noticed that it only leaves files located in the %APPDATA% directory intact. All these encrypted files receive .htrs extensions; however, if you cannot access data having the .ruby filename extension, there is basically no doubt that you have become the victim of Newht Ransomware too – its new versions might add the .ruby extension to mark the encrypted files. As mentioned above, Newht Ransomware has been developed for educational purposes, so it does not demand a ransom in exchange for the decryption key, and it is impossible to purchase the decryptor from cyber criminals. Of course, cyber criminals might take this threat over in the future, update it, and start spreading it actively with the intention of getting easy money. In case you are reading this article because you have encountered an updated version of Newht Ransomware, remove it as soon as possible too and do not send money to cyber crooks – it is never a good solution to the problem. To be frank, users can recover their files free only if they have their copies – this shows the importance of backing up files periodically.

Although the infection rate of Newht Ransomware is low and it is not likely at all that cyber criminals will start distributing it actively any time soon, specialists have still tested it carefully and noticed that there are two things that make it unique: first, it connects to the local server http://192.168.200.1/write.php? and, second, it detects Virtual machines. If none of them are found, the encryption process starts. All these features show that this threat has been developed for testing/educational purposes.

At the time of writing, Newht Ransomware is not distributed actively, so we do not have information about methods used to spread it too. Theoretically, cyber criminals might start spreading it with the intention of getting money from users one day, but nobody knows whether this will really happen. Of course, you should be cautious all the time if you do not want to end up with malicious software. What security specialists expect you to do is to a) stop opening spam emails, b) stop downloading software from suspicious third-party pages, and c) install a reputable security application.

Delete Newht Ransomware as soon as possible no matter it has encrypted your files and dropped a ransom note readme.txt for you or your files are fine because you can never know when this infection is updated. First, the process representing this infection needs to be killed and then malicious files deleted from the system. Our instructions will help you to delete this threat manually, but you can erase it automatically too if you find the manual method quite hard. Keep in mind that an automatic tool could not decrypt your files (if they have been locked) either.

Remove Newht Ransomware manually

1. Tap Ctrl+Alt+Del.
2. Open the Task Manager.
3. Click on the Processes tab to open it.
4. Find the process belonging to ransomware (it will have a word ruby in its description).
5. Kill this process (right-click on it and click End Process).
6. Open the Windows Explorer.
7. Open %TEMP%, %USERPROFILE%\Desktop, and %USERPROFILE%\Downloads.
8. Remove all suspicious files you find there.
9. Empty the Recycle bin.