The STOP Ransomware continues to be the most active ransomware family at the moment – its list of members contains over a hundred names, and all of them are active in various parts of the world, therefore maximizing the threat's reach and efficiency. One of the recent entries to STOP's list of members is the Nesa Ransomware, a file-locker that targets a long list of file formats, and encrypts their contents by using a private encryption key generated randomly. The data necessary to complete the decryption of the victim's files is stored on the servers of the attackers, therefore ensuring that they are the only ones able to provide the information required to complete the decryption process.
Spotting the Nesa Ransomware's attack is not difficult because the Trojan will apply the '.nesa' extension to the names of the files (e.g. 'presentation.pptx' will be renamed to 'presentation.pptx.nesa'). Furthermore, it creates a file titled '_readme.txt' that is usually placed on the desktop – this is the typical ransom note used by the STOP Ransomware, and it contains instructions for the victim.
The attackers offer a decryptor in exchange for $490, and they ask to be contacted via firstname.lastname@example.org or email@example.com for payment instructions and questions. They warn victims of the Nesa Ransomware that the price is valid for three days after the attack only, and the amount will be doubled after the deadline passes. Last but not least, the ransom note states that victims of the Nesa Ransomware can submit 2-3 files for free decryption – we advise you to accept this offer.
While the free decryption is acceptable, we assure you that you should not cooperate with the Nesa Ransomware's authors even if they prove that your data can be restored. The money you send will be used to develop more threatening ransomware, and there always will be a chance that the criminals might just take the money. The suggestion to victims of the Nesa Ransomware is to avoid cooperating with the attackers, and look for legitimate file recovery techniques.