NIGHT CROW Ransomware

Researchers have made a significant discovery regarding a new dangerous malware. They identified a new strain of ransomware known as 'NIGHT CROW.' This malicious software is specifically engineered to infiltrate computer systems, encrypt valuable data, and then demand a ransom in exchange for providing the decryption key.

Upon infecting a victim's computer, NIGHT CROW goes to work by encrypting various files and appending a distinctive extension to their filenames. For instance, if a file was originally named '1.jpg,' after being encrypted by NIGHT CROW, it would appear as '1.jpg.NIGHT_CROW.' This process is systematically repeated for each compromised file, with the '.NIGHT_CROW' extension clearly indicating the involvement of this particular ransomware. Furthermore, NIGHT CROW leaves a ransom note named 'NIGHT_CROW_RECOVERY.txt' on the infected devices.

NIGHT CROW Ransomware Can Impact A Wide Range Of Files

The message delivered by NIGHT CROW to its victims carries several important points. Firstly, it informs the victim that their files have undergone encryption, potentially causing distress or concern. However, it also offers a reassuring note by stating that the encrypted data is recoverable, potentially alleviating some anxiety.

The ransom note then proceeds to instruct the victim on the payment process, demanding a relatively small sum of 0.000384 BTC (Bitcoin cryptocurrency) as ransom. At the time of the ransom note's creation, this amount equated to roughly 10 USD, a notably low figure compared to typical ransomware demands. It's worth noting that cryptocurrency exchange rates are known for their volatility, so the value may have been different when NIGHT CROW was initially developed, and it may change in the future.

It's important to consider that the seemingly low ransom amount could serve a deliberate purpose. NIGHT CROW might have been released for testing or demonstration purposes, with the intention of refining its capabilities in subsequent versions that could potentially demand significantly larger ransoms.

However, it's crucial to recognize the inherent risks associated with paying a ransom to cybercriminals. Decryption is often reliant on the attackers' cooperation, and there is no guarantee that victims will receive the necessary decryption keys or tools even after complying with the ransom demands. This lack of assurance, combined with the ethical and legal concerns surrounding ransom payments, makes it strongly advisable against paying ransoms. Doing so not only fails to guarantee data recovery but also perpetuates and supports criminal activities in the cyber realm.

Take Steps To Ensure The Safety Of Your Devives Against Malware Threats

Ransomware attacks have surged in prevalence, representing a grave menace to the integrity of both personal and corporate data. These attacks commonly entail malicious actors infiltrating a system and encrypting vital files, effectively keeping them under lock and key until a ransom is surrendered. Thankfully, there exist multiple measures that both individuals and entities can implement to thwart or alleviate the consequences of a ransomware attack.

Install Reliable Security Software: Start by installing reputable anti-malware software on your device. Ensure it offers real-time protection and regular updates to detect and prevent malware infections.

Keep Operating Systems Updated: Regularly update your device's operating system (e.g., Windows, macOS, Android, iOS) and all software applications. Updates often include security patches that protect against known vulnerabilities.

Enable Firewall Protection: Activate your device's built-in firewall or install a third-party firewall to monitor incoming and outgoing network traffic. Firewalls can help block suspicious activity.

Exercise Caution with Email Messages: Be cautious when opening email attachments or clicking on links in emails, especially if they are from unknown or suspicious sources. Many malware infections originate from email attachments.

Use Strong, Unique Passwords: Create strong, unique passwords for all your accounts and change them regularly. Consider using a password manager to help generate and store complex passwords securely.

Enable Two-Factor Authentication (2FA): Whenever possible, enable two-factor authentication for your online accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.

Educate Yourself and Be Wary: Stay informed about the latest malware threats and tactics. Be cautious when clicking on pop-up ads, visiting sketchy websites, or downloading files from untrusted sources.

Regularly Back Up Your Data: Create regular backups of your important files and data. Ensure that these backups are stored on an external device or in the cloud and that they are not connected to your main device all the time to prevent ransomware attacks.

The ransom note left to the victims of NIGHT CROW Ransomware is:

NIGHT CROW IS HERE.

Hey! All of your documents, personal and other files are encrypted by NIGHT CROW RANSOMWARE.
But don't worry, we got you! All of your files are recoverable, but you need to pay.

Looks like you didn't waste a few money on a good protection for you pc, and here's the result.

HOW TO RECOVER YOUR FILES:
1) SEND 0,000384BTC TO 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV
2) CONTACT nightcrowsupport@protonmail.com

IMPORTANT INFORMATION:
1) Do not rename any encrypted files.
2) Do not change any regedit values.
3) Do not try to decrypt by yourself.