NoWay Ransomware
NoWay is a ransomware threat that has been designed to encrypt files and make them inaccessible to their owners. Then, the NoWay Ransomware malware generates a ransom note located in a file named 'Unlock your file Instraction.txt.' After the encryption, the NoWay Ransomware renames the affected files by replacing their filenames with a string of random characters. Finally, the extension ".noway" is added to the filenames. As an example, a file originally named "1.jpg" becomes "611hbRZBWdCCTALKlx.noway", a "document.txt" file becomes "hp7bhUOBhwRRPPuwi7r9.noway" and so on.
Usually, victims can recover their files only from a secure backup. It is strongly recommended not to interact with the malware operators or pay a ransom because chances are very high for you to get tricked, as the threat actors may never provide a decryption tool even after receiving your payment. Fortunately for all victims of the NoWay Ransomware, the files locked by this particular ransomware can be decrypted at no cost using a decryption tool available online.
The ransom note sounds very familiar. It states that the user’s data has been locked through a strong AES-256 encryption algorithm. The attackers give victims a 72-hours period to pay the required ransom by transferring $250 in Bitcoins to the provided wallet. After the payment, the transaction ID must be sent to michael.adler@swsemarketing.ca, and the user should receive a decryption key. As long as the 72 hours have passed, the cybercriminals claim that the private key would be permanently deleted from their servers.
The ransom note contains the following text:
'All your files have been Encrypted with the AES-256 encryption algorithym
making your files inaccessible. I will show you how to get them back.
You have 72 hours starting from now to pay your ransom before your
private key is deleted from our servers permenantly, making your files
inaccessible forever, If you try to damage, remove or tamper with this
software in any way your key will self destruct.
Instructions to recover your files :
1. Go to hxxps://login.blockchain.com/#/signup or any website where you can buy bitcoin and set up a new wallet.
2. Purchase 250$ of bitcoins .
3. Send 250$ of bitcoins to the address : 3GfbwCbTJXFLmLBL8E59YJdhs9uftLfSM5
4. then send your transaction ID to : michael.adler@swsemarketing.ca
to get your decryption key for your files.'
File System Details
# | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|---|
1. | install_sb_en[1].exe | 37edf7653630173ffdfb3bbd93e86636 | 0 |
2. | pgs.exe | 8655fce0df250f369b960b434e4712b6 | 0 |