.2NEW file extension is a newly detected threat in the family of ransomware that encrypts most of the files on the attacked PC. Security researchers had reported that the threat uses AES-256 and RSA-2048 encryption algorithm to encode files on the attacked PC and appends ‘.2NEW extension’ to the encrypted files. It is analyzed that the .2NEW extension mostly targets English and Russian-speaking users. And is distributed through phishing email campaigns similar like Dream_dealer@aol.com Ransomware. Unfortunately, if the user downloads the infected mail attachment that is actually a macro-enabled document containing the payloads of the virus. Upon clicking, the document starts running the script and .2NEW extension gets installed on the attacked computer system.
After installed, it searches for the important documents, photos, video, audio, databases, PDFs and other local drives. The infection uses AES cipher to transcode the data that are locked by the filename and the‘.2NEW extension’ suffix. For example, blackcat.jpg is renamed to blackcat.jpg.2NEW. After the encryption process been done, then the Ransomware drops a file named as ‘README_FOR_DECRYPT_YOUR_FILES.txt’ on the desktop and the encryption locations.
However, there is no any guarantee that they will decrypt all the files after receiving the payment. Thus, security researchers advise not to pay the ransom to the authors of .2NEW extension and quickly remove the threat from the PC. Also, you can try recovering your data from backups if any or take the help of data recovery software programs.
List of file extension encrypted
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
If you are among the one being a victim of “ .2NEW extension”, then we would strongly suggest you not to pay any ransom to illegitimate persons behind it. Because even after paying they are not going to give your files back. So it is urged that you must opt for removal solutions for .2NEW extension extension and try to recover files by automatic data recovery tool or any backup copy if you have.
We would recommend to use below tool and run it on your computer to remove .2NEW extension automatically.