Nbes Ransomware

File-lockers continue to be a major problem near the end of 2019 – users have to worry about infamous ransomware families like the STOP Ransomware and the Dharma Ransomware, but they also have to take the necessary measures to protect their files from smaller file-locker projects. The STOP Ransomware is the most active ransomware family of 2019, undoubtedly, and it welcomed a new addition to the family recently – the Nbes Ransomware. This threat is not that different when compared to previous variants of the STOP Ransomware – it uses a flawless file-encryption algorithm that renders free data decryption tools useless, and wants its victims to pay a ransom fee of at least $490.

The Nbes Ransomware may be spread via phishing emails, fake downloads, torrent trackers, pirated movies, and other popular malware propagation tricks and methods. If a user ends up running the Nbes Ransomware on an unprotected computer, the threat may need just a little time to fulfill its purpose and encrypt the contents of images, documents, videos, archives, audio, databases and other files.

The STOP Ransomware's Reign Continues

Whenever the Nbes Ransomware locks a file, it will mark its name via the '.nbes' extension (for example, the file 'project.xlsx' would be renamed to 'project.xlsx.nbes').The contents of these files cannot be accessed, and the only way to get them back to normal is to restore them from a backup. If a backup is not available, victims of the Nbes Ransomware might need to resort to alternative data recovery options, but these may not always work as well as you'd want them to.

After the Nbes Ransomware completes its attack, it drops the ransom note '_readme.txt,' which also is used by many other variants of the STOP Ransomware. According to the message, victims must contact either helprestore@firemail.cc or datarestore@iran.ir for further details. The attackers claim that they can provide a decryption tool in exchange for a payment of $490 that must be completed via Bitcoin. They also claim to be willing to decrypt 1-2 files for free, so that the user will have undeniable proof that the data recovery process can be completed.

While we advise you to make use of the free decryption option, you should not agree to cooperate further with the Nbes Ransomware's authors. Sending money to ransomware operators is a terrible idea, and you may end up losing both your money and your files.