N1n1n1 Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 8 |
| First Seen: | September 7, 2016 |
| Last Seen: | February 3, 2020 |
| OS(es) Affected: | Windows |
The N1n1n1 Ransomware is an Encryption Trojan that uses a combination of the AES and RSA ciphers to encrypt data. The N1n1n1 Encryption Trojan targets commonly used data containers and demands a ransom of 1,5 Bitcoins to release the decryption key. Computer users may encounter the N1n1n1 Ransomware via spam mail attachments and corrupted links. Victims of the N1n1n1 Ransomware will be directed to write to strongonion@sigaint.org from an account on Google and download the TOR Browser to access the payment portal.
Users that have been infected with the N1n1n1 Ransomware will notice that their video, audio, image, and text files are not acceptable and have a new file extension. The N1n1n1 Ransomware is named after the suffix it uses to mark objects it has modified. For example, the file wow_leagion_soulreaper.png will be changed to wow_leagion_soulreaper.png.n1n1n1. At that point, no image viewer will be able to load the content of wow_leagion_soulreaper.png.n1n1n1 as long as it is encrypted. The N1n1n1 cryptomalware will drop how return files.txt on the victim's desktop with the following content:
'If you don't speak English then use public online translators https://translate.google.com or https://www.bing.com/Translator or https://www.translate.com.
Your files encrypted.
To decrypt and return control to all your encrypted files you need:
1) Go to [direct link to the TOR Browser installer]. Download Tor browser for windows.
If you can't open this page, then go to [link to the main page of the TOR project] and click on button Download.
It will redirect you to page where you can find "Tor Browser for Windows". Download it. If you still can't download or run tor browser then download, unpack and run the most stable tor browser version here: [link to Google Drive]
2) Install it and run it.
3) Type in the address bar [link to an .onion domain] open our secret website.
4) Secret website will ask you to input your public key.
5) Enter your public key and follow the instructions.
Your public key:
[your key]
If you have any problems while downloading or installing tor browser or opening secret tor site then
If you have antivirus then remove or disable it (antivirus can prohibit open tor browser) or try use other computer.
Don't forget that you can browse www.youtube.com and search videos with tor browser installation process.
If you still can't open this secret page then
1) Go to [link to Gmail] (use your usual browser: (firefox, google chrome, ...)
2) If you don't have ...@gmail account then sign up. You will get Google (gmail) account.
3) Compose letter and send it to strongonion@sigaint.org
In letter you need type us your public key (see public key above).
4) Soon (in 1 or 2 days), we will send you instructions what you need to do to decrypt your files.
Small remark:
You can compose and send letter using other mail provider (...@aol.com ...@yahoo.com or other)
but we DON'T RECOMMEND you to do it because we are not sure that we will receive your letter!'
As stated above, users will be welcomed to write an email to strongonion@sigaint.org and transfer Bitcoins to a certain wallet address. Security authorities do not encourage payment of the ransom because the release of a decryptor is not guaranteed or it might not work properly. The experience of experts suggests that the operators of the N1n1n1 Ransomware are not likely to send a functional decryption tool to users that paid for their files to be returned to normal. Instead of losing hundreds of dollars and your files you should reach out to backups and archives. The best practice against threats like the N1n1n1 Ransomware involves using backup tools like Google Drive and Dropbox. Keep in mind that you will require clean backups and a trusted anti-malware instrument to restore your data and remove the N1n1n1 Ransomware.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.