A new ransomware threat has been detected by infosec researchers. The malware is being tracked as Nitz Ransomware, and it is primarily designed to encrypt files on a compromised device. Victims will notice that the names of their files have been modified, as the threat adds the '.nitz' extension. This modification means that a file named '1.jpg' would become '1.jpg.nitz' after encryption. An important detail about Nitz Ransomware is that it belongs to the infamous STOP/Djvu malware family.
In addition to encrypting files, Nitz generates a ransom note in the form of a file called '_readme.txt.' This file contains instructions for the victim to follow in order to pay the ransom and recover their encrypted files. The creators of Nitz demand a ransom in Bitcoin cryptocurrency and threaten to delete the encrypted files if the victim fails to comply.
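The two indicators described above (the appended '.nitz' extension and the '_readme.txt' note) can be checked with a read-only triage script. The following is an added example, not code from the original article or from any vendor tool; the function names are illustrative, and the marker phrases are taken from the ransom note quoted on this page.

```python
import os
import sys
from collections import defaultdict

ENCRYPTED_SUFFIX = ".nitz"   # extension the article says Nitz appends
NOTE_NAME = "_readme.txt"    # ransom note file name from the article
# Phrases that appear in the ransom note quoted in the article
NOTE_MARKERS = ("decrypt tool", "personal id")

def looks_like_note(path):
    """Check content too, since a harmless _readme.txt may already exist."""
    try:
        with open(path, "r", errors="ignore") as fh:
            text = fh.read(8192).lower()
    except OSError:
        return False
    return all(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Map each affected directory to its renamed files and note presence."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # '1.jpg.nitz' -> original name '1.jpg'
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report[dirpath]["encrypted"].append((name, original))
            elif lower == NOTE_NAME and looks_like_note(os.path.join(dirpath, name)):
                report[dirpath]["note"] = True
    return dict(report)

def summarize(report):
    """Count hits; a note beside renamed files is the strongest signal."""
    total = sum(len(d["encrypted"]) for d in report.values())
    confirmed = sorted(p for p, d in report.items() if d["note"] and d["encrypted"])
    return {"encrypted_files": total, "confirmed_dirs": confirmed}

if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    summary = summarize(result)
    print(f"{summary['encrypted_files']} file(s) with {ENCRYPTED_SUFFIX} suffix")
    for path in summary["confirmed_dirs"]:
        print("ransom note + encrypted files:", path)
```

The script only reads file names and the first 8 KB of each candidate note, so it can be run against a mounted backup or disk image to scope which directories need restoring.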
It is important to note that STOP/Djvu threats like Nitz could be deployed alongside other malware, such as information-stealing malware like RedLine or Vidar. As such, users should be vigilant and take appropriate measures to protect their devices from infection by implementing robust security measures, such as regular software updates and antivirus scans.
The Nitz Ransomware Renders the Affected Files Inaccessible
The ransom note generated by the Nitz ransomware provides contact and payment information to the victims and urges them to get in touch with the attackers within 72 hours to purchase the decryption tools. The attackers offer a discounted price of $490 instead of the original ransom amount of $980. The note emphasizes that without these tools, encrypted files cannot be restored, thus indicating the severity of the attack.
Additionally, the ransom note states that victims may send a unique encrypted file to the attackers for a supposedly free decryption, presumably as a demonstration of their capabilities to gain the victim's trust. The contact email addresses of the threat actors provided in the '_readme.txt' file are 'email@example.com' and 'firstname.lastname@example.org.'
It is crucial to note that paying a ransom does not guarantee that attackers will provide the promised decryption tool. Therefore, it is highly recommended not to pay the ransom, as it not only supports criminal activities but also does not guarantee that the encrypted files will be restored.
Having Robust Data Security is Crucial in Preventing Ransomware Attacks
Users can take several measures to protect their data from ransomware attacks. These measures include maintaining up-to-date security software and operating systems, avoiding clicking on suspicious links and opening unknown attachments, using strong passwords and two-factor authentication, regularly backing up their data, and educating themselves about ransomware attacks and how they work.
One crucial aspect of protecting against ransomware is to keep software and systems updated. This can help address any vulnerabilities that may be exploited by ransomware. Users should also be vigilant when it comes to emails, as phishing emails are a common way for ransomware to spread. Users should avoid clicking on any suspicious links or opening unknown attachments, as this can lead to the installation of ransomware.
Lastly, educating oneself about ransomware attacks can help users recognize and avoid potential threats. PC users should be aware of the latest ransomware trends, techniques, and tactics, as well as best practices for avoiding and responding to ransomware attacks. By approaching security proactively and implementing these measures, users can significantly reduce their chance of falling victim to a ransomware attack.
The Nitz Ransomware's ransom note is:
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID: