The NGSC Ransomware is an encryption ransomware Trojan. PC security researchers first received reports of the NGSC Ransomware Trojan in April 2019. The NGSC Ransomware is a variant in the Matrix Ransomware family, which has numerous variants because it is offered as a Ransomware as a Service (RaaS) platform. The NGSC Ransomware carries out an effective encryption ransomware attack, and computer users should take steps to keep their data safe from these infections.
Why the NGSC Ransomware Attacks a Computer
The NGSC Ransomware is delivered to victims is via corrupted spam email attachments. Once the NGSC Ransomware has been installed, this threat will use the AES and RSA encryptions to make the victim's files inaccessible, communicating with its Command and Control servers to complete its attack. The following are examples of the files that threats like the NGSC Ransomware target in these attacks:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The NGSC Ransomware attack makes the encrypted files easy to recognize because the NGSC Ransomware will add the file extension '.NGSC' to each file affected by the attack. Once the victim's files have been compromised, the NGSC Ransomware will demand that the victim communicate with the criminals via email and pay a ransom amount. The NGSC Ransomware delivers this message via an RTF file dropped on the infected computer's desktop. The NGSC Ransomware ransom note takes the form of a file named '!NGSC_INFO!.rtf' and asks that victims contact the criminals via the email address 'email@example.com.' Computer users should refrain from making this payment or communicating with the criminals in any way.
Protecting Your Data from Threats Like the NGSC Ransomware
The best way to protect your data from threats like the NGSC Ransomware is to have the means to restore any data compromised by the NGSC Ransomware attack. This is why having file backups is the best protection against most encryption ransomware Trojans, including the NGSC Ransomware. Having backups saved on the cloud or an external memory device ensures that computer users can restore any compromised files quickly without having to negotiate with the criminals. Furthermore, paying these ransoms will result in the data being returned rarely and puts the victims at greater risk for further attacks and tactics. Apart from file backups, computer users need to have a security program capable of intercepting and removing threats like the NGSC Ransomware. While these will not restore the compromised files, they can be useful in removing the NGSC Ransomware itself.