The Niros Ransomware is a file-locking Trojan that blocks media, such as documents, on Windows computers and holds them for a ransom. It includes a pop-up ransom note with a padlock image and a countdown but omits the extra extensions that similar threats usually add to files' names. Most anti-malware programs should delete the Niros Ransomware, and users should always preserve their files for recovery by backing them up to other devices.
A Trojan's Familiar-Sounding 'Cry' for Bitcoins
Old Trojans might not be dead, at least in appearance, and their code remains a hot topic for speculation. The Niros Ransomware is an independent threat that bears more than a little resemblance to the thoroughly-publicized attacks of the WannaCry or WannaCryptor Ransomware. The similarity is in what the victim sees and also doesn't see – such as the history behind its payment method.
Most of the Niros Ransomware's features aren't particularly notable in their functionality. The Trojan is Windows-compatible and blocks media of formats like documents by encrypting them (with AES-256, it asserts). The Trojan doesn't add extensions to the files' names, which is mildly notable.
The Niros Ransomware's ransom note is a pop-up HTA window similar to that of the old WannaCryptor Ransomware and includes the countdown for the ransom but uses a simplified text field for the wallet. The history of this wallet shows past connections to old WannaCryptor Ransomware campaigns and numerous transactions of significant value, but malware experts don't see any Bitcoin amounts that match the Niros Ransomware's current demands of 300 USD.
Victims should be cautious about paying these fees since criminals might not provide a decryptor and may even target users with additional attacks.
What Else Happens Behind a Bitcoin-Grabbing Pop-Up
Malware researchers haven't confirmed that the Niros Ransomware removes the Restore Points, even though most threats of this type do so. Ideally, users have backups of any irreplaceable files on other devices, canceling out the intimidation behind the Niros Ransomware's ransom demand. As in most, but not all, cases, the Niros Ransomware is most concerning for Windows users and media formats like images, documents, movies, or audio.
Some attacks that malware researchers are pointing out include:
- Deleting security zone settings
- Deleting proxy settings
- Disabling the Registry Editor
- Disabling Task Manager
It implements all these changes by altering the Registry – and, ironically, includes one edit that also disables the Registry Editor, which users could otherwise use for reversing them without much difficulty.
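A read-only PowerShell audit of the four changes listed above, as an added example that is not from the original article or any vendor tool. It assumes the Trojan uses the standard Windows policy and Internet Settings locations; the article does not name the exact keys or values it touches.

```powershell
# Added example: read-only audit of the registry areas listed above.
# Assumption: the standard Windows locations are the ones affected;
# the article does not name the exact keys or values.
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$inetPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = @()

# 1. Policy values that block the Registry Editor and Task Manager (non-zero = blocked).
foreach ($path in $policyPaths) {
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        $value = Get-RegValue -Path $path -Name $name
        if ($null -ne $value -and $value -ne 0) {
            $report += [pscustomobject]@{ Check = $name; Location = $path; State = "set to $value" }
        }
    }
}

# 2. Internet security zones 0-4 normally exist per user; a missing key suggests deletion.
foreach ($zone in 0..4) {
    $zonePath = Join-Path $inetPath "Zones\$zone"
    if (-not (Test-Path -Path $zonePath)) {
        $report += [pscustomobject]@{ Check = 'SecurityZone'; Location = $zonePath; State = 'key missing' }
    }
}

# 3. Proxy settings: list the current state for comparison with the expected configuration.
foreach ($name in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
    $value = Get-RegValue -Path $inetPath -Name $name
    $state = if ($null -eq $value) { 'not present' } else { "= $value" }
    $report += [pscustomobject]@{ Check = "Proxy:$name"; Location = $inetPath; State = $state }
}

$report | Format-Table -AutoSize -Wrap
```

The proxy rows are informational: an absent ProxyServer or AutoConfigURL is normal on machines that never had a proxy configured, so compare them against the known-good configuration for that host.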
Users should follow Microsoft recommendations for repairing the Registry and prioritize disinfecting their PCs before recovering files. Most cyber-security programs can remove the Niros Ransomware, and appropriate backups can recover any files without the premium decryption.
Although there's little indication of how the Niros Ransomware is infecting Windows users, the same guidelines as always can help cut down on any attacks. Avoid unsafe Web-browsing behavior, such as opening suspicious e-mails or downloading illegal torrents, to keep files safe from aggressive threat actors.