Threat Database Ransomware Neras Ransomware

Neras Ransomware

By GoldSparrow in Ransomware

Recently, malware researchers spotted another data-encrypting Trojan. It is called the Neras Ransomware and when further dissected it became apparent that this ransomware threat is a variant of the infamous STOP Ransomware.

It not possible to confirm what propagation method has been employed in spreading the Neras Ransomware. However, it has been speculated that the authors of the Neras Ransomware may be using emails containing infected attachments, bogus application updates, and corrupted pirated software as the means of spreading their creation. If this file-locking Trojan infiltrates a machine successfully, it will scan it to determine the locations of the files, which it has been programmed to go after. Once this step is completed, the Neras Ransomware will begin encrypting the data targeted. When the Neras Ransomware locks a file, it applies an additional extension at the end of the filename ‘.neras.’

This means that if you had name a file ‘ocean-sunset.jpg’ originally, once it gets locked by the Neras Ransomware, its name would be altered to ‘ocean-sunset.jpg.neras.’ Needless to say, the file in any shape or form will no longer be usable. Then, the Neras Ransomware will drop a ransom note. Following the suite of most ransomware threats that belong to the STOP Ransomware, the name of the note is ‘_readme.txt.’ The note is very concise. The authors do not mention a specific sum regarding the ransom fee. The email addresses linked to variants of the STOP Ransomware are ‘’ and ‘,' therefore it is very likely that they may be used by the authors of the Neras Ransomware too.

It is never smart to contact cybercrooks so that we will advise you to stay away from the creators of the Neras Ransomware. Instead, you should download and install a legitimate anti-malware application, which would rid you of the Neras Ransomware.


Most Viewed