Nermer Ransomware

Nermer Ransomware Description

The Nermer Ransomware is a new threat, potent enough to cause devastating damage to any computer system it manages to infect. It is a variant of the previously detected BigLock Ransomware. Nermer runs a strong encryption routine that renders the user's files inaccessible. The locked data is effectively held hostage, and the hackers then extort their victims for money.

All files encrypted by the threat are marked by having '.nermer' appended to their original names as a new file extension. After completing the file encryption routine, Nermer delivers its ransom note containing instructions for the victims. The message is dropped as text files named 'PROTECT_INFO.TXT'.

According to the note, the Nermer Ransomware employs a combination of the AES cryptographic algorithm and the ChaCha cipher to lock the targeted files. To decrypt the data, users need the RSA private key that the hackers possess. The ransom note doesn't mention any payment details, so affected users are directed to establish contact through a dedicated website created on the Tor network. The only way to open the site is through the Tor browser. The hackers behind the Nermer Ransomware promise to decrypt a single file for free as a demonstration of their ability to restore the user's data.

The full text of the note is:

'############## YOUR FILES WERE ENCRYPTED  ##############

########### AND MARKED BY EXTENSION .nermer ############

--

YOUR FILES ARE SAFE! ONLY MODIFIED :: ChaCha + AES

WE STRONGLY RECOMMEND you NOT to use any Decryption Tools.

These tools can damage your data, making recover IMPOSSIBLE.

Also we recommend you not to contact data recovery companies.

They will just contact us, buy the key and sell it to you at a higher price.

If you want to decrypt your files, you have to get RSA private key.

--

To get RSA private key you have to contact us via the link below, located in the TOR private network.

Using this link you can get all the necessary support and make payment.

You just have to download and install the TOR browser (google it) via official site

>> hxxp://dqybwoze7ow3xlamurpfppai4pd6lwybwix2nbhyhcnpsuj3yv32mnyd.onion/index.php <<

--

If you have any problems with TOR browser, email us: >><<

and send us your id: >> {-} <<

--

HOW to understand that we are NOT scammers?

You can ask SUPPORT for the TEST-decryption for ONE file!

--

After the successful payment and decrypting your files, we will give

you FULL instructions HOW to IMPROVE your security system.

We ready to answer all your questions!

--

################ LIST OF ENCRYPTED FILES ###############.'
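The file-level indicators described above (the appended '.nermer' extension and the 'PROTECT_INFO.TXT' note) can be used to scope an infection during incident response. The following triage script is an added example, not code from the original page or from any vendor tool; the function names, the case-insensitive matching and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".nermer"                     # extension named on the page
NOTE_NAME = "PROTECT_INFO.TXT"                # ransom note file name from the page
NOTE_MARKER = "MARKED BY EXTENSION .nermer"   # banner line of the quoted note

def triage(root):
    """Return ({directory: findings}, earliest mtime of any '.nermer' file)."""
    report, earliest = {}, None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            is_enc = name.lower().endswith(ENCRYPTED_EXT)   # case-insensitive: assumption
            is_note = name.upper() == NOTE_NAME
            if not (is_enc or is_note):
                continue
            entry = report.setdefault(dirpath, {"encrypted": [], "note": False, "verified": False})
            if is_enc:
                # Original name = file name minus the appended extension.
                entry["encrypted"].append(name[:-len(ENCRYPTED_EXT)])
                mtime = os.path.getmtime(path)
                earliest = mtime if earliest is None else min(earliest, mtime)
            else:
                entry["note"] = True
                # Check content so a look-alike file with the same name stays unverified.
                with open(path, "r", errors="replace") as fh:
                    entry["verified"] = NOTE_MARKER in fh.read(4096)
    return report, earliest

def build_sample_tree(root):
    """Constructed sample data: two renamed files, one real note, one look-alike note."""
    layout = {
        "docs/report.docx.nermer": "x",
        "docs/photo.jpg.nermer": "x",
        "docs/PROTECT_INFO.TXT": "########### AND MARKED BY EXTENSION .nermer ############",
        "other/PROTECT_INFO.TXT": "unrelated text",
        "clean/notes.txt": "untouched",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The earliest modification time among the renamed files gives a rough starting point for an incident timeline, and the per-directory list of original names helps match affected files against backups.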