
'Nomoneynohoney@india.com' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 36
First Seen: November 2, 2016
Last Seen: May 5, 2022
OS(es) Affected: Windows

The 'Nomoneynohoney@india.com' Ransomware is a variant of the Crysis Ransomware family. Threats in this family are quite harmful since their effects cannot be undone once they have encrypted the victim's files. The 'Nomoneynohoney@india.com' Ransomware, like other Crysis Ransomware variants, will encrypt the victim's files with a strong encryption algorithm. Unfortunately, the files that have been encrypted by the 'Nomoneynohoney@india.com' Ransomware and other Crysis variants cannot be decrypted without access to a decryption key that is held by the people responsible for the attack.

A Funny Name for a Harmful Trojan

The 'Nomoneynohoney@india.com' Ransomware, unlike many Crysis variants, seems to be designed to target servers and networks specifically. Although the 'Nomoneynohoney@india.com' Ransomware will carry out effective attacks on individual victims, the 'Nomoneynohoney@india.com' Ransomware is optimized to carry out devastating attacks on databases and servers. The most common delivery method for the 'Nomoneynohoney@india.com' Ransomware is through the use of corrupted plug-ins for Web design and e-shop platforms such as Magento and WordPress. When website administrators install one of these plugins, the 'Nomoneynohoney@india.com' Ransomware will be installed on the affected computer.

During the initial attack, the 'Nomoneynohoney@india.com' Ransomware will try to encrypt databases and indexes as a priority. The 'Nomoneynohoney@india.com' Ransomware will also target documents, images, audio, video, and other types of files that are less than 20MB in size, although this will occur on a separate thread, clearly subordinate to the main priority of encrypting the types of files that could take down an entire website when compromised. The 'Nomoneynohoney@india.com' Ransomware shares many of the characteristics of previously known Crysis variants, as is evident from the list of file types that it will target during its attack:

.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.

The files affected by the 'Nomoneynohoney@india.com' Ransomware will be renamed to include the 'Nomoneynohoney@india.com' Ransomware email address and a new file extension.
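The rename behaviour described above gives responders a simple file-name indicator for scoping which directories were hit. The following is an added example, not code from the original page: it walks a directory tree and tallies files whose names contain the address. The sample tree and the `.example` extension are constructed, since the page does not state the actual new extension.

```python
import os
import tempfile
from collections import Counter

# Marker taken from the page: affected files are renamed to include this address.
MARKER = "nomoneynohoney@india.com"


def find_marked_files(root):
    """Return sorted paths under root whose file name contains the marker."""
    hits = []
    # onerror swallows unreadable directories so one ACL problem does not stop the sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if MARKER in name.lower():  # match regardless of letter case
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def summarize(paths):
    """Tally hits per directory and per trailing extension to scope the damage."""
    by_dir = Counter(os.path.dirname(p) for p in paths)
    by_ext = Counter(os.path.splitext(p)[1].lower() for p in paths)
    return by_dir, by_ext


def build_sample_tree(root):
    """Constructed sample data; '.example' stands in for the unknown new extension."""
    names = {
        "www": ["index.php", "shop.sql.Nomoneynohoney@india.com.example"],
        "docs": ["a.docx.nomoneynohoney@india.com.example", "b.txt"],
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for fname in files:
            with open(os.path.join(root, sub, fname), "w") as fh:
                fh.write("x")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = find_marked_files(tmp)
        dirs, exts = summarize(found)
        for directory, count in dirs.most_common():
            print(f"{count:5d}  {directory}")
        print("trailing extensions:", dict(exts))
```

Run against a backup mount or a read-only image rather than the live system, and compare the per-directory counts with the last known-good backup to decide what needs restoring.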

The Not-So-Cheap Ransom Amount Demanded by the 'Nomoneynohoney@india.com' Ransomware

Victims of the 'Nomoneynohoney@india.com' Ransomware are asked to pay the equivalent of $800 USD in Bitcoin to the creators of the 'Nomoneynohoney@india.com' Ransomware threat. PC security analysts do not advise computer users to pay the 'Nomoneynohoney@india.com' Ransomware's ransom. Paying this amount enables the people responsible for the 'Nomoneynohoney@india.com' Ransomware to continue monetizing their attacks and developing threats like the 'Nomoneynohoney@india.com' Ransomware. There is also no guarantee that the con artists who have installed the 'Nomoneynohoney@india.com' Ransomware on your computer will do what they promise and provide the decryption key after they receive the payment. Computer users are encouraged to take preventive measures to protect their data from encryption ransomware Trojans. The best preventive methods, such as establishing a good backup system for all data, using strong security software that is fully up-to-date, and using good passwords and login credentials, will cost only a fraction of what it would cost to pay the ransom, which in turn does not ensure that the people responsible for the 'Nomoneynohoney@india.com' Ransomware attack will provide the decryption key.

1 Comment

I did a scan and removed the nomoneynohoney ransomware, but the files are still encrypted. I tried the Kaspersky Shade decryptor and it tells me it is not able to decrypt. What should I do? Thank you.
