The Nitro22 Ransomware is a harmful threat that can be deployed against both individual users and corporate entities. It is designed specifically to target a large set of file types, mostly ones containing important data, and lock them with an uncrackable cryptographic algorithm. Victims will lose access to their documents, PDFs, archives, databases, images, etc. The attackers will then extort their targets for money in exchange for the potential restoration of the data.
As part of its intrusive actions on the breached device, the Nitro22 Ransomware will also modify the original names of the files it locks. It does so by appending '.nitro' to their names as a new extension. The malware will drop a text file named '#Decryption#.txt' onto the victim's device and replace the current desktop background with a new image. Both the new desktop wallpaper and the text file contain instructions from the attackers.
The background image provides victims with two email addresses, 'firstname.lastname@example.org' and 'email@example.com', as a way to contact the cybercriminals behind the Nitro22 Ransomware. However, the ransom note proper, found inside the text file, contains far more detail. According to it, the operators of the threat run a double-extortion scheme in which they collect confidential information from the breached devices before executing the encryption process. The threat actors also impose a time limit of 48 hours. If they do not receive a message from the victims within that time frame, they threaten either to sell the collected information to any interested third parties or to release it to the public for free. The text file mentions an additional communication channel in the form of a Skype account named Nitro22.
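The file-system indicators described above (the appended '.nitro' extension and the '#Decryption#.txt' note) can be used to scope which directories were hit. The following triage script is an added example, not part of the original article; the function names, the sample paths and the case-insensitive matching are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict
from pathlib import PurePath

LOCKED_EXT = ".nitro"           # extension appended to locked files (from the article)
NOTE_NAME = "#Decryption#.txt"  # ransom note file name (from the article)


def triage(paths):
    """Group indicator hits by directory.

    Returns {directory: {"locked": [(locked_name, original_name)], "note": bool}}.
    Matching is case-insensitive (assumption: Windows file systems usually are).
    """
    report = defaultdict(lambda: {"locked": [], "note": False})
    for raw in paths:
        p = PurePath(raw)
        name = p.name
        if name.lower() == NOTE_NAME.lower():
            report[str(p.parent)]["note"] = True
        elif name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
            # The extension is appended, so the original name is the prefix.
            original = name[:-len(LOCKED_EXT)]
            report[str(p.parent)]["locked"].append((name, original))
    return dict(report)


def walk(root):
    """Yield every file path under root, skipping unreadable directories."""
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            yield os.path.join(dirpath, fname)


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    "/srv/share/finance/q3.xlsx.nitro",
    "/srv/share/finance/invoices.pdf.nitro",
    "/srv/share/finance/#Decryption#.txt",
    "/srv/share/hr/policy.docx",        # untouched file
    "/srv/share/hr/.nitro",             # bare name, nothing was appended
    "/home/alice/notes.nitro.bak",      # '.nitro' is not the final extension
]

if __name__ == "__main__":
    listing = walk(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for directory, hit in sorted(triage(listing).items()):
        note = "yes" if hit["note"] else "no"
        print(f"{directory}: {len(hit['locked'])} locked, note={note}")
        for locked, original in hit["locked"]:
            print(f"  {locked} (was {original})")
```

Run it with a directory path as the only argument to scan a mounted share or a forensic image; with no argument it processes the constructed sample listing.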
The entire message delivered via the text file is:
Unfortunately for you, a major IT security weakness left you open to attack, your files have been encrypted
If you want to restore them, write
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
We are always ready to cooperate and find the best way to solve your problem.
The faster you write, the more favorable the conditions will be for you.
Our company values its reputation. We give all guarantees of your files decryption
IF WE DONT SEE MESSAGES FROM YOU IN 48 HOURS - WE WILL SELL YOUR DATABASES AND IMPORTANT INFORMATION TO YOUR COMPETITORS,AFTER YOU WILL SEE IT AT OPEN SOURCE AND DARKNET
Start messaging with an incident ID and 2-3 test files up to 1mb
your unique ID'