Nesa Ransomware

Nesa Ransomware Description

The STOP Ransomware continues to be the most active ransomware family at the moment – its list of members contains over a hundred names, and all of them are active in various parts of the world, therefore maximizing the threat's reach and efficiency. One of the recent entries to STOP's list of members is the Nesa Ransomware, a file-locker that targets a long list of file formats, and encrypts their contents by using a private encryption key generated randomly. The data necessary to complete the decryption of the victim's files is stored on the servers of the attackers, therefore ensuring that they are the only ones able to provide the information required to complete the decryption process.

Spotting the Nesa Ransomware's attack is not difficult because the Trojan will apply the '.nesa' extension to the names of the files (e.g. 'presentation.pptx' will be renamed to 'presentation.pptx.nesa'). Furthermore, it creates a file titled '_readme.txt' that is usually placed on the desktop – this is the typical ransom note used by the STOP Ransomware, and it contains instructions for the victim.

The attackers offer a decryptor in exchange for $490, and they ask to be contacted via gorentos@bitmessage.ch or gerentoshelp@firemail.cc for payment instructions and questions. They warn victims of the Nesa Ransomware that the price is valid for three days after the attack only, and the amount will be doubled after the deadline passes. Last but not least, the ransom note states that victims of the Nesa Ransomware can submit 2-3 files for free decryption – we advise you to accept this offer.

While the free decryption is acceptable, we assure you that you should not cooperate with the Nesa Ransomware's authors even if they prove that your data can be restored. The money you send will be used to develop more threatening ransomware, and there always will be a chance that the criminals might just take the money. The suggestion to victims of the Nesa Ransomware is to avoid cooperating with the attackers, and look for legitimate file recovery techniques.

Do You Suspect Your PC May Be Infected with Nesa Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Nesa Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.