Ner Ransomware
Computer users may be terrified when they got infected with a threat named Ner Ransomware because they will be prevented from accessing their data. Documents, images, and other file kinds will be inaccessible and their names are now different because they have the '.ner' file extension appended at the end of their previous names. Ransomware threats are very common nowadays because it is an easy way to earn illegal profit and cybercrooks take advantage of it.
After the victims' files are encrypted, the people behind the Ner Ransomware infection will create a ransom note in a file named '!!!HOW_TO_DECRYPT!!!.txt which, among other instructions, asks the victims to contact them by using the email addresses thetan@nerdmail.co and thetan@jitjat.org and writing '|your MachineID: –——————————|and LaunchID: –' in the subject line. The ransom note does not specify the ransom amount or the currency that should be used. The good notice is that the victims can send three small files, which the attackers will decrypt without cost to prove that they can decrypt the victims' dat
Computer users that are dealing with a ransomware infection should not consider paying the ransom and should only contact the attackers to send the three files to be decrypted, if necessary. Because, otherwise, they may end up without their money and their data. What they should do is, in the first place, remove the Ner Ransomware from their machines by using a trustworthy anti-malware tool and then recovering their data from an up-to-date backup, if available, or trying to find other decryption options.
The ransom note generated by the Ner Ransomware reads:
'All your valiable data has been encrypted!
–
Hello! Sorry, but we have inform you that your order has been blocked due to the issue of securities. Make sure your data is not blocked.
All your valuable files were encrypted with strong encryption algorithms and renamed.
Your unique encryption key is stored securely on our server and your data can be decrypted quickly and securely.
–
We can prove that we can decrypt all of your data. Please just send us 3 small encrypted files which are randomly stored on your server.
We will decrypt these files and send them to you as a proof. Please note that files for free test decryption should not contain valuable information.
–
All of your confidential data was uploaded to our servers.
If you will not start a dialogue with us in 72 hourswe will be forced to publish your files in the public domain. Your customers and partners will be informed about the data leak by email or phone.
This way, your reputation will be ruined. If you will not react, we will be forced to sell the most important information such as databases to interested parties to generate some profit.
–
If you want to resolve this situation, please write to ALL of these 2 email addresses:
* thetan@nerdmail.co
* thetan@jitjat.org
In subject line please write: |your MachineID: –
——————————|and LaunchID: –
–Important!
* We asking to send your message to ALL of our 2 email adresses because for various reasons, your email may not be delivered.
* Our message may be recognized as spam, so be sure to check the spam folder.
* If we do not respond to you within 24 hours, write to us from another email address. Use Gmail, Yahoo, Hotmail, or any other well-known email service.
* Please don't waste the time, it will result only additinal damage to your company!
* Please do not try to decrypt the files yourself. We will not be able to help you if files will be modified.'
