Naampa Ransomware

Naampa Ransomware is one of the nastiest infections that exist – its entrance always results in the loss of some personal files. If you ever get infected with this threat, you will eventually discover a bunch of files encrypted too. Users living in Russian-speaking countries should be careful the most because it seems that this infection targeting those users primarily – the ransom note it leaves on victims’ PCs after encrypting their files is only in Russian. We do not say that users from other countries cannot discover this infection on their computers. No matter where you live, you must delete the ransomware infection from your system as soon as possible if you ever encounter it. Some users do not go to erase this threat from their PCs because they believe that they could get their files back. Unfortunately, it is not a joke and your files will not be unlocked after some time. Cyber criminals will not give it to you even if you write an email as instructed. It is more likely that you will be offered to purchase a decryptor from them. As you may suspect, there are no guarantees that you will be given a decryption key. There are many cases when malicious software developers do not give the promised tool to users, but, of course, they do not miss an opportunity to take the money transferred to them.

All malicious applications seeking to obtain money from users fall into the category of ransomware. Some of them open screen-locking windows on users’ Desktops and then demand a ransom, whereas others, Naampa Ransomware among them, lock users’ files first and then drop/open a file containing the ransom message. Although a number of threats categorized as ransomware encrypt files, you can be sure that Naampa Ransomware is the one that has locked your data if those files you can no longer open have the .crptd extension appended next to their original extensions, for instance, picture.jpg.crptd. What distinguishes it from other ransomware infections analyzed by specialists at pcthreat.com is the fact that it does not tell users anything about the ransom they have to pay. Users are only told that their files have been encrypted with the RSA-2048 encryption algorithm and they should send one of the encrypted files together with key.res (a file) to Unlckr@protonmail.com if they want to get them back. Although users are not told about the price of the decryption tool in advance, we are 99% sure that you will be told to make a payment when you write an email to cyber criminals behind this malicious application. You should not give them your money because you might get nothing from them and, in this case, your money will not be returned to you either.

We cannot promise that you could get your files back, but you should still try out one method – restoring data from a backup. If this backup is not located on the compromised machine, you could easily restore those encrypted files after the Naampa Ransomware removal. It is recommended getting rid of the malicious application first because its launcher might be opened again accidentally and, as a consequence, all files might be encrypted once again.

For the time being, Naampa Ransomware is being distributed via malicious attachments in spam emails, but it is definitely not the only existing tactic used to spread creations of malicious software developers. Malware might be available for download at third-party pages too and, on top of that, it might be dropped on users’ PCs by other harmful malicious applications, e .g. Trojans. We are sure you will soon realize that Naampa Ransomware is active on your computer if you get infected with it. You will not only discover encrypted files, but you could also find key.res and !----README----!.jpg in %USERPROFILE%\Downloads after its entrance.

If you arrive at a final decision to eliminate Naampa Ransomware from your computer, go to remove two files belonging to this infection from %USERPROFILE%\Downloads or let an automated malware remover do this for you. Additionally, do not forget to erase suspicious recently downloaded files and other active threats from your system. No matter which of the two removal methods you employ, you will not unlock your files by simply deleting the ransomware infection from your system.

Delete Naampa Ransomware manually

1. Press Win+E.
2. Open %USERPROFILE%\Documents.
3. Delete the following two files: !----README----!.jpg and key.res.
4. Remove all suspicious files downloaded from the web not long ago.
5. Empty the Recycle bin.