Threat Database Ransomware Negozl Ransomware

Negozl Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 501
First Seen: June 22, 2016
Last Seen: July 14, 2022
OS(es) Affected: Windows

The NegozI Ransomware is an Encoding Trojan that is used to lock the data of users and direct them to send 5 Bitcoins to a predefined wallet address. For your information, 5 Bitcoins are equal to $3,300 which is a small fortune for most users and small businesses. The NegozI Ransomware is a severe cyber threat to individual users and poorly configured networks, but it is not on the same level as the KimcilWare and the Dr Jimbo Ransomware. It appears that the malware actors behind the NegozI Ransomware cannot limit their greed and might use spam bots, malicious links, compromised cThe Negozl Ransomware is a ransomware Trojan. Encryption Trojans are designed to encrypt their victims' files and then demand an outrageous ransom to restore the files. Files that have been encrypted by the Negozl Ransomware become inaccessible, meaning that the Negozl Ransomware essentially takes the victim's computer hostage and keeps it prisoner until the victim agrees to pay the ransom. The Negozl Ransomware can be identified easily because the files that have been encrypted by it will have the extension '.EVIL,' which has led to some sources referring to the Negozl Ransomware as the '.evil ransomware' or '.evil virus'. The Negozl Ransomware has been linked to the email address, which is included in the Negozl Ransomware's ransom note. PC security analysts have observed numerous similarities between the Negozl Ransomware and another ransomware Trojan known as Sanction. Both use very similar ransom notes and attack strategies and, in fact, it is very likely that the Negozl Ransomware and the Sanction Ransomware are both operated by the same con artists.

The Negozl Ransomware – New Name, Old Extortion Tactic

The Negozl Ransomware scans all files on the victim's computer, searching for files that match a list of file extensions contained in the Negozl Ransomware's configuration files. The following are some examples of file extensions that the Negozl Ransomware will search for when carrying out its encryption of the victim's files:

.3gp .apk .asm .avi .bmp .cdr .cer .chm .ckp .conf .cpp .css .csv .dacpac .dat .db3 .dbf .dbx .dcx .djvu .doc .docm .docx .epub .fb2 .flv .gif .ibooks .iso .java .jpeg .jpg .key .md2 .mdb .mdf .mht .mhtm .mkv .mobi .mov .mp3 .mp4 .mpeg .mpg .mrg .pdf .php .pict .pkg .png .pps .ppsx .ppt .pptx .psd .rar .rbw .rtf .sav .scr .sql .sqlite .sqlite3 .sqlitedb .swf .tbl .tif .tiff .torrent .txt .vsd .wmv .xls .xlsx .xml .xps .zip.

Apart from encrypting the victim's files, the Negozl Ransomware will drop files in the directories containing encrypted content. These files store the Negozl Ransomware's ransom note, which reads as follows:

'All your files have been encrypted with NegozI Ransomware.
For each file unique ,strong key. Algorithm AES256
All your attempts to restore files on their own, lead to the loss of the possibility of recovery and we are not going to help you.
All your actions are traced and known to us.
If you do not make payment within 5 days, you will lose the ability to decrypt them.
Make your Bitcoin Wallet on: , or
How to buy /sell and send Bitcoin:
After the payment, send the wallet from which paid and your uniq ID to mail :
After receiving the payment, we will contact and give you decryption tools and faq how to decrypt your files.'

The Negozl Ransomware demands an outrageous ransom amount of five BitCoin. However, it is likely that the quantity of the payment varies depending on the severity of the attack and the profile of the victim. Regardless, PC security analysts strongly advise computer users against paying the Negozl Ransomware ransom. Once you have paid the ransom amount, you have no guarantee that the people responsible for the Negozl Ransomware will honor their word and return your access to your files. Instead, computer users should recover their files from a backup.

Dealing with the Negozl Ransomware

The best thing computer users can do to protect their computers from ransomware like the Negozl Ransomware is to backup all of their files on an external memory device or the cloud. Having a good backup of all files makes computer users invulnerable to the Negozl Ransomware and similar attacks since they can simply recover their files from the backup rather than having to pay the ransom and wait for the con artists to keep their word. A good anti-malware program will also help to ensure that the Negozl Ransomware and other threats are detected before it enters your computer.


Most Viewed