NIBIRU Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 1
First Seen: September 25, 2017
Last Seen: December 13, 2018
OS(es) Affected: Windows
The NIBIRU Ransomware receives its name because its attack uses the executable file 'NIBIRU1.exe,' which has been found on infected computers. The NIBIRU Ransomware is an encryption ransomware Trojan that was first observed carrying out attacks on the public on September 17, 2017. There is very little to differentiate the NIBIRU Ransomware from the countless other encryption ransomware Trojans that are active today. The NIBIRU Ransomware is delivered via spam email attachments, which use macro scripts to download and install the NIBIRU Ransomware onto the victim's computer. The NIBIRU Ransomware has some predecessors and may have been created by the same people responsible for the FTSCoder and other ransomware Trojans released earlier in 2017.
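A triage sketch for the delivery chain described above, added here as an example and not taken from EnigmaSoft or any security product: it flags process-creation events whose image name is NIBIRU1.exe, or in which an Office application launches a script host. The JSON records are constructed, with Image/ParentImage field names modelled on Sysmon process-creation events; the Office and script-host process lists are assumptions, since the page only says "macro scripts".

```python
import json
import ntpath

# Indicator taken from the page: the file name of the dropped executable.
NIBIRU_IMAGE = "nibiru1.exe"
# Assumption: the "macro scripts" run inside Microsoft Office documents.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumption: interpreters a macro commonly launches to fetch a payload.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample events, one JSON object per line (not from a real infection).
SAMPLE_EVENTS = r"""
{"host":"WS-014","Image":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE","ParentImage":"C:\\Windows\\explorer.exe"}
{"host":"WS-014","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"}
{"host":"WS-014","Image":"C:\\Users\\alice\\AppData\\Local\\Temp\\NIBIRU1.exe","ParentImage":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
{"host":"WS-022","Image":"C:\\Windows\\System32\\notepad.exe","ParentImage":"C:\\Windows\\explorer.exe"}
this line is deliberately malformed and must be skipped
"""


def basename(path):
    # ntpath parses Windows paths correctly even when the script runs on Linux.
    return ntpath.basename(path or "").lower()


def triage(lines):
    """Return (host, rule, image) tuples for events matching either rule."""
    findings = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON log lines
        image = basename(event.get("Image"))
        parent = basename(event.get("ParentImage"))
        if image == NIBIRU_IMAGE:
            # File name match, regardless of directory or letter case.
            findings.append((event.get("host"), "nibiru-image-name", image))
        elif parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
            # Generic macro-delivery behaviour: Office starting an interpreter.
            findings.append((event.get("host"), "office-spawned-script-host", image))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding)
```

The file-name rule is trivially evaded by renaming the executable, so the parent/child rule is the one that generalizes to other macro-delivered Trojans.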
The NIBIRU Ransomware may Bring the Destruction of Your Files
The NIBIRU Ransomware uses AES-256 encryption to make the victim's files inaccessible. After encrypting the files, the NIBIRU Ransomware delivers a ransom note demanding that the victim pay a ransom to recover them. The ransom note is delivered in a program window with the name 'Hackers Invasion,' and in a file that is dropped on the infected PC's desktop. The NIBIRU Ransomware's tactic of encrypting the victims' files and then demanding the payment of a ransom for the decryption key is quite common and has been observed in countless other Trojans released in the last few years.
The NIBIRU Ransomware Ransom Demands
One surprising aspect of the NIBIRU Ransomware is the amount of its ransom payment. The NIBIRU Ransomware demands the absurd amount of 120,000 USD in Bitcoins in exchange for the decryption key. Most encryption ransomware Trojans demand ransoms that are between 500 and 1500 USD. This is not the result of a mistake about the Bitcoin exchange rate (as is the case with other encryption ransomware Trojans whose ransom demands are absurdly high), since the NIBIRU Ransomware's ransom note asks for the money in dollar amounts specifically, rather than in Bitcoins. In fact, the NIBIRU Ransomware Trojan's ransom note demands 1 million USD if the victim takes more than 54 hours to pay. It is difficult to know how much of the NIBIRU Ransomware ransom note and demands can be taken seriously. The NIBIRU Ransomware displays its ransom note in the 'Hackers Invasion' program window, the full text of which reads:
'HACKERS INVASION
YOU HAVE EVERY REASON TO PANIC, BECAUSE WE JUST DROPPED OUR "NUKES" ON YOU. YOU TEND TO LOOSE TENS OF MILLIONS OF DOLLARS
IF YOU DARE TAKE US WITH LEVITY. ALL YOUR IMPORTANT FILES, SCREEN, DOCUMENTS, DATAS, MP3S, AND VIDEO ARE HACKED/LOCKED FOR NOW.
WE ARE READY TO GIVE YOU THE KEY TO GET ALL YOUR FILES, DOCUMENTS AND YOUR LIFE BACK IF ONLY YOU PAY $120,000 WITHIN 54 HOURS. IF YOU DELAY YOU PAY $1 MILLION TO US.
[RANDOM CHARACTERS]
[MORE DETAILS|BUTTON] [CONTACT HACKERS|BUTTON]'
(1)Google Paxful.com (2)SIGN UP AND GET A BITCOIN WALLET (3)BUY $120,000 WORTH OF BITCOIN (4)PAY INTO OUR BITCOIN ADDRESS ABOVE (5)SEND THE PAYMENT PROOF TO OUR CONTACTS (6)YOU GET KEY
(1) HillaryTrump@protonmail.com
(2) James.cute@mail.com
ENTER KEY [TEXT BOX] [DECRYPT|BUTTON]'
The Bitcoin wallet associated with the NIBIRU Ransomware attack is currently invalid, meaning that victims cannot make any payment related to recovering from the NIBIRU Ransomware Trojan.
Recovering from a NIBIRU Ransomware Attack
Fortunately for computer users, it is currently possible to decrypt files affected by the NIBIRU Ransomware attack, since the con artists have hard-coded the unlock password into the NIBIRU Ransomware. Computer users can recover from the NIBIRU Ransomware attack by entering the string 'AnikulapoFela70' into the NIBIRU Ransomware program window. Once the data has been restored, computer users should run a full scan of their computers with a fully up-to-date security program to ensure that no traces of the NIBIRU Ransomware or other threats remain on the infected computer.