Threat Database Ransomware NHLP Ransomware

NHLP Ransomware

By CagedTech in Ransomware

NHLP Ransomware is the name of a data-locker that belongs to the notorious Dharma Ransomware family. It is not a surprise that cyber crooks have spawned yet another copy of the Dharma Ransomware – this is one of the most active ransomware families in the world.

Propagation and Encryption

The NHLP Ransomware appears to go after a very wide assortment of filetypes. As a result of the NHLP Ransomware infiltrating your system, it is likely that all your images, documents, audio files, videos, databases, archives, presentations, spreadsheets and others. When the NHLP Ransomware encrypts a file, it will append a brand-new extension to it –' .id-.[newhelper@protonmail.ch]. NHLP.' For example, a file that was originally named 'white-tile.png' will be renamed to 'white-tile.png.id-.[newhelper@protonmail.ch]. NHLP.' As you can see from the extension name, the NHLP Ransomware generates a unique victim ID for every user as this aids the attackers in differentiating between the victims. The NHLP Ransomware is likely distributed via phishing emails. These fraudulent emails would either contain a corrupted link, or a macro-laced attachment, which would infect the computer once launched. Other commonly used propagation methods include torrent trackers, bogus social media posts, corrupted advertisements, fake application updates, etc.

The Ransom Note

The NHLP Ransomware drops a ransom note that is named 'FILES ENCRYPTED.txt.' The attackers do not go into much details in the ransom message. The authors of the NHLP Ransomware claim that all the damage done to the users' data is reversible as long as they pay the ransom fee demanded. However, the attackers do not make it clear what the ransom fee is. The user is required to get in touch with the creators of the data-locker via email – ‘newhelper@protonmail.com' and ‘newhelper@cock.li.'

It is not recommended to contact cybercriminals, as they are not trustworthy individuals. Even paying up does not guarantee that you will recover your files. This is why it is best to remove the NHLP Ransomware from your system with the assistance of a reputable, modern PC security suite.

Trending

Most Viewed

Loading...