NEVADA is ransomware, written in the Rust programming language, that targets both Windows and Linux operating systems. The NEVADA Ransomware encrypts fundamental files and appends a '.NEVADA' extension to the name of each affected file; for example, '1.jpg' becomes '1.jpg.NEVADA' and '2.doc' becomes '2.doc.NEVADA'. In addition, a ransom note in the form of a 'readme.txt' file is dropped in the folders containing the encrypted files. The NEVADA Ransomware is marketed and distributed using the Ransomware-as-a-Service (RaaS) model, where cybercriminals sell access to the malware.
An Overview of NEVADA Ransomware's Demands
The ransom note delivered by the NEVADA Ransomware informs victims that their files have been collected and encrypted. The victims are faced with a decision: pay a ransom to protect their reputation or risk losing valuable time and potentially their files. The note strongly advises against waiting and warns that if the victims do not contact the cybercriminals within three days, the encrypted files will be posted on a dedicated leak website hosted on the TOR network. The attackers also caution against trying to recover the files from backups, as this will not prevent a potential leak.
The victims are advised not to delete or rename the encrypted files, as well as not to use any public decryption tools, as they may contain malware. Instead, they are told to download the TOR browser and use a specific link provided in the ransom note to communicate with the cybercriminals.
The Best Steps to Take Following an Attack from Threats like the NEVADA Ransomware
The first step that victims of a ransomware attack should take is to isolate the infected device so the malware cannot spread to other devices on the network. Then, they should run a scan with a reputable anti-malware solution to remove any ransomware threats from the breached device.
If the attackers have encrypted your files, you should not pay the ransom: payment does not guarantee the return of your data and can also encourage further ransomware attacks. Instead, attempt to restore the encrypted files from backups, or look into other possible data recovery methods if you do not have a suitable backup.
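Before restoring from backups, it helps to know which folders were actually hit. The following is an added example, not part of the original article: it walks a directory tree and reports folders that contain files with the '.NEVADA' extension or a 'readme.txt' whose content includes the opening sentence of the note quoted on this page. The case-insensitive matching and the function names are assumptions, and the sample tree is constructed.

```python
import os
import tempfile

EXTENSION = ".nevada"      # appended extension named on this page; compared case-insensitively (assumption)
NOTE_NAME = "readme.txt"   # ransom note filename named on this page
NOTE_MARKER = "Your files were stolen and encrypted"  # opening sentence of the quoted note

def is_ransom_note(path):
    """True if the first 4096 characters of the file contain the note's opening sentence."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return NOTE_MARKER.lower() in fh.read(4096).lower()
    except OSError:
        return False  # unreadable file: cannot confirm it is the note

def scan(root):
    """Map each affected directory to the original names of its encrypted files and note status."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        hits = sorted(f[:-len(EXTENSION)] for f in files
                      if f.lower().endswith(EXTENSION) and len(f) > len(EXTENSION))
        note = next((f for f in files if f.lower() == NOTE_NAME), None)
        confirmed = note is not None and is_ransom_note(os.path.join(dirpath, note))
        if hits or confirmed:
            report[dirpath] = {"originals": hits, "note_confirmed": confirmed}
    return report

def build_sample(root):
    """Constructed sample tree: one affected folder and one benign folder."""
    hit, clean = os.path.join(root, "share"), os.path.join(root, "docs")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("1.jpg.NEVADA", "2.doc.NEVADA"):
        open(os.path.join(hit, name), "wb").close()
    with open(os.path.join(hit, "readme.txt"), "w") as fh:
        fh.write("Greetings! Your files were stolen and encrypted.\n")
    with open(os.path.join(clean, "readme.txt"), "w") as fh:
        fh.write("Project documentation.\n")  # benign readme must not be flagged
    return hit, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in scan(tmp).items():
            print(folder, info)
```

The list of original names per folder can be compared against a backup catalogue to decide what needs to be restored.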
The full text of NEVADA Ransomware's note is:
'Greetings! Your files were stolen and encrypted.
You have two ways:
-> Pay a ransom and save your reputation.
-> Wait for a miracle and lose precious time.
We advise you not to wait.
After 2 days of your silence we will make call your superiors and notificate them about what's happened.
After another 2 days all your competitors will be informed about your decision.
Finally, after 3 days we will post your critical data on our TOR-website.
If you are going to recover your files from backupsa and forget this like a nightmare, we are hurry to inform you - you can't prevent a leak.
-> Don't delete/rename encrypted files
-> Don't use any public "decryptor", they contain viruses.
You have to download TOR browser.
To contact with us your can use the following link:
The cat is out of the bag.'