Nasoh Ransomware
The Nasoh Ransomware is a brand-new data-encryption Trojan which has recently been spotted by researchers. Once this threat was studied, it revealed to be a part of the infamous STOP Ransomware family.
Propagation and Encryption
There has been no consensus regarding the propagation methods used by the creators of the Nasoh Ransomware. Some cybersecurity experts state that we are likely looking at the most common techniques for propagating threats of this type. This means that the authors of the Nasoh Ransomware have likely employed spam emails containing macro-laced attachments, fake application updates, and pirated bogus copies of popular software tools to spread their malicious creation. Once the Nasoh Ransomware infiltrates a PC, it will start the attack with a quick scan. The scan is meant to locate all the files which the Nasoh Ransomware was programmed to target. Usually, ransomware threats go after all the popular filetypes which any user will have on their system such as ‘.mp3,’ ‘.doc,’ ‘.jpeg,’ ‘.mov,’ ‘.ppt,’ ‘.gif,’ ‘.png,’ etc. Once the Nasoh Ransomware locks a file, it will also change its name. This ransomware threat adds a ‘.nasoh’ extension to all the newly encrypted files. This means that a photo you had initially named ‘lost-peridot.jpeg’ will have its name altered to ‘lost-peridot.jpeg.nasoh’ once it has undergone the encryption process of the Nasoh Ransomware.
The Ransom Note
In the next phase of the attack, the Nasoh Ransomware will drop a ransom note named ‘_readme.txt’ which reads:
'ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-dIIHZji8hl
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
gorentos2@firemail.cc
Your personal ID:'
The ransom fee demanded by the creators of the Nasoh Ransomware is $980. However, they claim that all users that get in touch with them within 72 hours of the attack will get a 50% discount, which means they will have to pay $490. There are two email addresses provided to the victims – ‘gorentos@bitmessage.ch’ and ‘gorentos2@firemail.cc.’ The authors of the Nasoh Ransomware say that they are willing to unlock one file free of charge as proof that they have a functioning decryption key.
It is advisable to keep your distance from cyber crooks like the ones behind the Nasoh Ransomware. Such individuals tend to make promises on which they rarely deliver. It is much safer to download and install a legitimate anti-spyware tool and use it to remove the Nasoh Ransomware from your PC once and for all.
