No_More_Ransom Ransomware

The No_More_Ransom Ransomware is an encryption ransomware Trojan first observed on September 4, 2018. The No_More_Ransom Ransomware is one of the many variants that have been associated with Rapid, an RaaS platform (Ransomware as a Service). The No_More_Ransom Ransomware is an updated version of the Rapid 2.0 Ransomware that has not been modified much from the original. The way in which the No_More_Ransom Ransomware is being distributed to victims is through corrupted spam email attachments predominantly.

How the No_More_Ransom Ransomware Attacks a Computer

Criminals will send spam email messages with threats like the No_More_Ransom Ransomware to email lists gathered from websites and marketing companies. These messages will often contain a DOC or PDF file attachment with embedded macros designed to download and install the No_More_Ransom Ransomware onto the victim's computer. Once the No_More_Ransom Ransomware is installed, it will run in the background and encrypt the victim's files. The No_More_Ransom Ransomware targets the user-generated files, which may include numerous media file types, documents, images, databases and various other file types. There are below some examples of the files that threats like the No_More_Ransom Ransomware target in these attacks, which are:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The No_More_Ransom Ransomware encrypts the files and marks them with the file extension '.no_more_ransom' added to the file's name. The No_More_Ransom Ransomware will deliver a ransom note in the form of a text file that contains the following message:

'Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email - [random email aaddress]
and tell us your unique ID - ID-[random characters]'

The No_More_Ransom Ransomware ransom notes are typically TXT files that may be named 'recovery.txt' or 'How Recovery Files.txt.' The criminals responsible for the No_More_Ransom Ransomware attack have used several email addresses. The following are some of the emails that have been associated with the No_More_Ransom Ransomware attack:

ataprof@cock.li
auditt@cock.li
dataprof@cock.li
fastsupport@cock.li
file.wtf@protonmail.com
hersgory@india.com
maxspeed@tutamail.com
patapuck@india.com
sofrdecrypt@firemail.cc
wolksvagen@protonmail.com

Dealing with the No_More_Ransom Ransomware

The purpose of the No_More_Ransom Ransomware is to make the victim's files inaccessible completely. This is why the best protection against the No_More_Ransom Ransomware and similar threats is to have file backups stored on password-protected devices. Having file backups ensures that computer users can recover their data without having to negotiate with the criminals responsible for the attacks. Apart from file backups, PC security researchers also advise computer users to have a proven security program to protect their data from this and other ransomware Trojans, which are being used to attack computer users actively.