Nypd Ransomware - How to remove

Nypd is Djvu-type ransomware that infects computers through unreliable downloads. It installs spyware and corrupts files. Nypd is meant to make money by extorting hundreds of dollars from each victim. People look for alternative ways to get their files back, and although there are a few options, none of them are certain to repair the data. Meanwhile, scammers lurk around the desperate victims, trying to take advantage of them. If you got infected with Nypd, you need to remove it and other malware, then consider your options for restoring the files.

About Nypd:

Classification:

  • Ransomware,
  • spyware.

How Nypd works:

  • Downloaded in infected installers,
  • encrypts files and changes their names by appending “.nypd”,
  • asks for a ransom of hundreds of dollars.

Can you get the files back:

  • Use backups to keep data safe,
  • use the free decryptor,
  • recover deleted files,
  • repair corrupted files,
  • stay away from scammers.

How to delete Nypd:

  • Repair system settings that Nypd broke,
  • use antivirus programs (Spyhunter, others) to find and remove malware,
  • set new passwords and make sure that 2fa is on everywhere.

How Nypd ransomware works

Infection

First of all, Nypd is just a random letter combination and has nothing to do with the New York Police Department or any other organization that uses the same abbreviation.

As far as I know, Nypd ransomware doesn’t spread through exploit kits or remote desktop. Rather, it gets downloaded in installers from shady sites, usually from pirating websites (Office suite installers, cracked games and game cheats, other pirated commercial software). Unknown torrents are the riskiest, but even reputable ones can cause problems. Sometimes, a trusted uploader suddenly starts spreading ransomware.

Encryption and more malware

Once the infected file is downloaded and run, Nypd is installed – together with the info-stealing trojan Azorult. Nypd deletes backups (shadow volume copies, restore points) and even tries to delete antivirus updates. It also disables Task Manager and blocks a bunch of websites.

Then, Nypd starts going through the files on the computer (documents, images, spreadsheets, text files, videos, songs, archives, etc.) and encrypting them. It uses an algorithm which is quite secure and fast. After this, Nypd changes the names of the encrypted files by giving each of them a second extension – “nypd”. This does nothing but mark the files as encrypted by Nypd.

The “ransom” part of “ransomware” is revealed when Nypd creates a bunch of ransom notes called “_readme”. They include the email addresses of the crypto-extortionists, as well as what kind of money they’re asking in exchange for fixing the files – $490 or $980, depending on how quickly the victim contacts them.

Meanwhile, the trojan might download and install a bunch of adware. It also reads the contacts, passwords, payment information, and other data saved in web browsers and other online apps (Nypd doesn’t encrypt them), and uploads it for the cybercriminals to sell or use in other attacks.

Nypd's ransom note asks for hundreds of dollars to decrypt files.

How to get the files back

Ways to restore encrypted

If you had a backup on another device, then you can recover your files from it. Backups are important: they protect your files in cases of your computer breaking or failing, and not just in cases of ransomware.

If the only copies of your files were locked by Nypd, then there is still some hope. Begin by putting all of the encrypted files that you care about on a backup. This could be an external drive, the cloud, another computer, etc. Do not make changes to the encrypted files if you don’t have backup copies.

First, you could try scanning the Nypd-locked files with the Emsisoft decryptor. It was developed by a ransomware expert, is maintained constantly, and is available to everyone for free. The way that Nypd’s encryption works makes it impossible to crack or break it without having the decryption keys, which only the criminals have. In limited cases, though, decryption keys can be reused. To find out if your files can possibly be decrypted without paying the ransom, scan them with that decryptor and check the scan results.

If that’s also not an option, then look into repairing corrupted files (an example for 7-zip, but each file type’s process is different). Here’s the thing: to save time, Nypd only encrypts some portions of the larger files. This means that you can throw out those portions, repair the file’s headers, metadata, etc., and still have some of your data left.

Be careful of scams

There are a few options for getting your files back after a Nypd attack:

  • check if they can be decrypted for free,
  • use data recovery programs to restore deleted files,
  • repair corrupted files yourself,
  • check every folder to see if Nypd missed any of them (it happens).
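
To make the last check systematic, the following PowerShell sketch counts, for each folder, the files that carry the “.nypd” extension, the files that do not, and whether a “_readme” ransom note is present. It is an added example, not part of the original article; the function name `Get-NypdFolderSummary` is hypothetical and the demo folder tree is constructed.

```powershell
# Added example: read-only inventory of encrypted vs. untouched files per folder.
function Get-NypdFolderSummary {
    param([Parameter(Mandatory = $true)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Group-Object -Property DirectoryName |
        ForEach-Object {
            $group     = $_
            $files     = @($group.Group)
            # Nypd marks encrypted files with a second extension, ".nypd".
            $encrypted = @($files | Where-Object { $_.Extension -ieq '.nypd' })
            # Ransom notes are named "_readme" (any extension).
            $notes     = @($files | Where-Object { $_.BaseName -ieq '_readme' })
            [pscustomobject]@{
                Folder     = $group.Name
                Encrypted  = $encrypted.Count
                Untouched  = $files.Count - $encrypted.Count - $notes.Count
                RansomNote = ($notes.Count -gt 0)
            }
        }
}

# Constructed demo tree (empty files) so the function can be tried safely.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('nypd-demo-' + [guid]::NewGuid())
foreach ($rel in 'docs\report.docx.nypd', 'docs\_readme.txt',
                 'photos\cat.jpg', 'photos\dog.jpg') {
    $path = Join-Path $demo $rel
    New-Item -ItemType Directory -Path (Split-Path $path) -Force | Out-Null
    New-Item -ItemType File -Path $path -Force | Out-Null
}

# Folders with Untouched > 0 are the ones worth checking by hand.
Get-NypdFolderSummary -Root $demo |
    Sort-Object Untouched -Descending |
    Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

For a real check, call the function with the folder you want to inspect as `-Root`; it only reads file names and does not modify anything.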

Most importantly, don’t fall for scammers. Recently, a fake Djvu decryptor was found that, instead of repairing files, would encrypt them. Other scammers might promise decryption in exchange for a sum of money, then demand more and more money without ever repairing the files. A scammer might decrypt one or two files for you as a way to prove that they can do it, but they are only able to do that because Nypd’s developers offer the same thing. At best, scammers will pay Nypd’s makers, decrypt your files, and pocket the change. At worst, they’ll take your money and disappear.

If there was a way to get the files back, professionals would have discovered it by now. After all, Nypd is part of a well-known ransomware family, Djvu. Indeed, Djvu’s earlier versions were analyzed and a decryption tool was developed by a ransomware expert. Since then, Djvu has been improved and such decryption of its newest variants, such as Nypd, Zwer, and others, is no longer possible. Some confusion about this still exists online, so just know – only trust reputable sources on any developments of Nypd’s decryption. And don’t expect much.

How to remove Nypd ransomware

It is possible to use an antivirus program, such as Spyhunter, to get Nypd and other malware off of your computer. Here’s a page on VirusTotal showing the detection of the ransomware. Deleting Nypd does not fix your files, but it’s nevertheless very important to avoid re-encryption.

To be able to download antivirus programs and updates, though, you need to fix what Nypd did when blocking websites. Just find the hosts file and repair it as described below. In addition, restore the use of your Task Manager.

As the trojan might have stolen your credentials, you should set new passwords by using a clean computer. Turn on 2-factor authentication if you haven’t yet. Be careful of malicious spam mail.

Important -- edit the hosts file to unblock security websites

TL;DR: The hosts file is edited to block security sites.

Before the virus can be removed, it's necessary to fix the hosts file (the file which controls which addresses connect to which IPs). This infection edits the file to stop certain websites, including anti-malware download sites, from being accessed from the infected computer, making browsers return the "This site can't be reached" error. That is the reason the majority of security websites are inaccessible when infected with this particular parasite. Luckily, it's trivial to fix the file and remove the edits that were made to it.

Find and edit the hosts file

The hosts file can be found at C:/Windows/System32/Drivers/etc/hosts. If you don't see it, change the settings to see hidden files.
  1. In the Start Menu, search for Control Panel.
  2. In the Control Panel, find Appearance and Personalization.
  3. Select Folder Options.
  4. Open the View tab.
  5. Open Advanced settings.
  6. Select "Show hidden files...".
  7. Select OK.
Open this file with administrator privileges:
  1. Open the Start Menu and enter "notepad".
  2. When Notepad shows up in the result, right-click on it.
  3. In the menu, choose "Run as administrator"
  4. File->Open and browse for the hosts file.
The hosts file should look like the default one (screenshot: hosts file default contents). Delete any additional lines that connect various domain names to the wrong IP address. Save the file.
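
Before deleting anything in Notepad, it helps to list exactly which lines were added. The PowerShell sketch below is an added example, not part of the original article: it reports every active (uncommented) mapping in a hosts file other than the harmless loopback entry for localhost, based on the fact that a stock Windows hosts file contains only comment lines. The function name `Get-HostsOverride` is hypothetical, and the sample content and `.example` domains are constructed.

```powershell
# Added example: read-only audit of a hosts file. It reports, never edits.
function Get-HostsOverride {
    param([string[]]$Lines)
    $loopback = '127.0.0.1', '::1'
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Everything after '#' is a comment; a stock hosts file has only comments.
        $text = ($raw -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }   # address with no host name
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # A loopback entry for "localhost" is harmless; skip it.
            if (($loopback -contains $address) -and ($name -ieq 'localhost')) { continue }
            [pscustomobject]@{ Line = $lineNo; Address = $address; Name = $name }
        }
    }
}

# Constructed sample: default-style comment header plus two added block entries.
$sample = @'
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1 av-vendor.example www.av-vendor.example
127.0.0.1 removal-guides.example   # constructed entry
'@ -split "`r?`n"

# Expect three rows: two names on line 6, one on line 7.
Get-HostsOverride -Lines $sample | Format-Table -AutoSize

# On the affected computer (elevated prompt), audit the real file instead:
# Get-HostsOverride -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Each reported row is a line to review and, if you did not add it yourself, delete as described above.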

Download and run the antivirus program

After that, download antivirus programs, such as Spyhunter (https://www.2-viruses.com/reviews/spyhunter/dwnld/), and use them to remove the ransomware, the trojan, and other malware.
