EvilNominatus Ransomware

Cybercriminals are using the EvilNominatus Ransomware threat to lock the files of their victims and then extort them for money. The threat can affect all important file types, such as documents, spreadsheets, images, archives, databases and more. The EvilNominatus Ransomware threat also can be encountered as EvilNominatusCrypto or NominatusStrike.

When the threat encrypts a file, it also appends '-Locked' to that file's original name. Due to a peculiarity in its programming, the EvilNominatus Ransomware can sometimes encrypt the same file multiple times, resulting in several instances of '-Locked' being added to the file's name. Users also will be presented with a ransom note displayed in a newly generated pop-up window.

Demands Overview

According to the message left by the EvilNominatus Ransomware, the threat has deleted any of the default backups on the breached system, as well as disabled several crucial functionalities such as taskmgr, Regedit and more. The pop-up window contains a field where a code is supposed to be entered. The note warns that failing to input the right code within 3 tries could have severe consequences. Furthermore, it appears that this code is only for the removal of the malware threat from the user's device. To get the decryptor tool and key, victims are instructed to message the attackers' email at 'Bkhtyaryrwzbh@gmail.com.'

The message shown in EvilNominatus Ransomware's pop-up window is:

'Ransom.EvilNominatus.C

CryptoVirus Detected! Ransom.NominatusStrike

your files has been encrypted if you enter the wrong key 3 times we will make you see dark side if you want to restore your files Contact Bkhtyaryrwzbh@gmail.com

we deleted your backups, we disabled taskmgr, regedit and more if you think you can escape you are very stupid

Code: 

[GO AWAY!!]'