Nakw Ransomware

Ransomware is among the nastiest types of malware. These threats are often distributed via spam e-mails, then use an encryption algorithm to lock all the data on the infected host while also extorting them for money. Most cyber crooks that distribute ransomware threats do not build them from scratch but rather take most of the code from existing data-locking Trojans. Such is the case of the Nakw Ransomware. The file-encrypting Trojan, the Nawk Ransomware, is a variant of the STOP Ransomware. The STOP Ransomware family has been the most popular ransomware family in 2019, arguably.

Propagation and Encryption

There are numerous ways to propagate ransomware threats. One of the most universally preferred methods is spam e-mails, as we already mentioned. The bogus e-mails often contain a specifically crafted message, which is meant to trick the target into launching the corrupted attachment, which accompanies the email. Another popular method is utilizing fraudulent application updates to propagate ransomware threats. When the Nakw Ransomware compromises a host, it will scan the data present on the PC. Most threats of this type are built to target the most popular filetypes, as almost every user is guaranteed to have them on their system. This includes .jpeg, .jpg, .doc, .docx, .xls, .xlsx, .pdf, .mp3, .mp4, .mov, .png, files among many others. Then, the Nakw Ransomware will begin its encryption process, which will make sure to lock all the targeted data. All the files encrypted by the Nakw Ransomware will have their names changed as this threat appends a '.nawk' extension to the names of the files. For example, an audio file that was originally called 'white-beast.mp3' will be renamed to 'white-beast.mp3.nawk' when the encryption process has been completed.

The Ransom Note

In the next phase of the attack, the Nakw Ransomware will drop a ransom note named '_readme.txt.' The ransom fee is $980, but according to the attackers, all victims who contact them within 72 hours will be given a 50% discount, which will knock down the price to $490. To prove to the user that they are able to unlock their files, the attackers offer to decrypt one file for free. The ransom note also contains two e-mail addresses where the attackers expect to be contacted – ‘gorentos@bitmessage.ch' and ‘gerentoshelp@firemail.cc.'

Malware researchers advise against attempting to cooperate with cyber crooks. This ends well rarely. Cybercriminals are known for their greed and disregard for honesty, thus, many victims who pay up are still left empty-handed after the exchange. If you want to remove the Nakw Ransomware from your system, make sure to download and install a reputable anti-virus tool that will wipe off this threat from your computer and protect it going forward.