
Nacro Ransomware

By GoldSparrow in Ransomware

Malware experts have uncovered a new ransomware threat circulating the Web recently. The name of this file-locking Trojan is Nacro Ransomware. When this threat was dissected, it became clear that this is yet another variant of the infamous STOP Ransomware.

Propagation and Encryption

The infection vectors used by the authors of the Nacro Ransomware to spread their threatening creation are not yet known. Some researchers believe that the propagation methods may include mass spam email campaigns, bogus application updates and fake pirated variants of popular software. When the Nacro Ransomware manages to compromise a host, it starts the attack by performing a quick scan, which reveals the locations of the files that the Nacro Ransomware was programmed to go after. When the scan is completed, the Nacro Ransomware starts locking all the targeted files. The names of the newly encrypted files are altered, as this threat appends a '.nacro' extension to the end of the filename of every affected file. For example, a photo initially named 'Onyx-Eyes.jpg' will be renamed to 'Onyx-Eyes.jpg.nacro'.

The Ransom Note

When the encryption process is through, the Nacro Ransomware will drop a ransom note. The ransom note's name is '_readme.txt' and it states:


‘Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:
Mark Data Restore

Your personal ID:’

The authors of the Nacro Ransomware state that they want $980 as a ransom fee. However, they also claim that victims who get in touch with them within 72 hours of the attack will have to pay $490. Two email addresses are given as a means of contacting the cyber crooks responsible for the Nacro Ransomware – '' and ''. Telegram contact details are also provided: @datarestore. To prove to the user that they have a working decryption key, the criminals offer to decrypt one file free of charge.

We strongly recommend that you avoid contacting shady individuals like the ones behind the Nacro Ransomware. Nothing good will come out of it. Instead, download and install a legitimate anti-malware tool, which will remove the Nacro Ransomware from your computer safely.
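To scope the damage before cleanup or restoring from backups, a read-only inventory can key on the two artifacts described above: the appended '.nacro' extension and the '_readme.txt' note. The Python below is an added example, not part of the original article; the function names, the constructed sample directory tree, and the use of file modification times as an estimate of the encryption window are assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".nacro"   # extension the article says is appended to locked files
NOTE_NAME = "_readme.txt"  # ransom note file name given in the article


def triage(root):
    """Inventory locked files and ransom notes under root without modifying anything."""
    locked, notes, types, mtimes = [], [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Case-insensitive match; a file named exactly '.nacro' has no original name.
            if name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                original = name[: -len(LOCKED_SUFFIX)]  # Onyx-Eyes.jpg.nacro -> Onyx-Eyes.jpg
                locked.append((path, original))
                types[Path(original).suffix.lower() or "(none)"] += 1
                mtimes.append(path.stat().st_mtime)
            elif name.lower() == NOTE_NAME:
                notes.append(path)
    # Assumption: last-modified times of locked files approximate when encryption ran.
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"locked": locked, "notes": notes, "types": types, "window": window}


def build_sample_tree(root):
    """Constructed sample data: two locked files, one clean file, one ransom note."""
    pics = Path(root) / "Pictures"
    docs = Path(root) / "Documents"
    pics.mkdir()
    docs.mkdir()
    for path, mtime in [(pics / "Onyx-Eyes.jpg.nacro", 1000), (docs / "budget.xlsx.nacro", 1060),
                        (docs / "notes.txt", 500), (docs / NOTE_NAME, 1061)]:
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))  # fixed timestamps so the window is predictable


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, original in result["locked"]:
            print(f"locked: {path} (was {original})")
        print("notes:", [str(p) for p in result["notes"]])
        print("types:", dict(result["types"]), "window:", result["window"])
```

The per-extension counts and the original file names give a checklist for matching against backups, and the time window narrows which logs to review for the initial compromise.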

