Niwm Ransomware
Analysis of the Niwm malware threat has confirmed that it belongs to the ransomware classification. Like all ransomware, Niwm is designed to encrypt files on a victim's computer, making them inaccessible to the user. In the case of Niwm, it appends the '.niwm' extension to the original filenames of encrypted files. For example, a file named '1.jpg' would be renamed to '1.jpg.niwm' after being encrypted by Niwm. The threat is yet another dangerous ransomware variant belonging to the STOP/Djvu malware family.
Additionally, Niwm drops a ransom note named '_readme.txt' in every directory that contains encrypted files. This note informs the victim that their files have been encrypted and that they will need to pay a ransom in order to obtain the decryption key. It is worth noting that STOP/Djvu ransomware is often distributed alongside other malware, such as information stealers like RedLine and Vidar. This means that victims of Niwm may also have had their sensitive information stolen, in addition to having their files encrypted.
The Niwm Ransomware Demands a Ransom Payment from Its Victims
The ransom note left by Niwm ransomware informs victims that they will need to acquire decodrrsoftware and a unique key to recover access to their encrypted files. The attackers demand a fee of $980 to obtain these tools. However, victims who contact the threat actors via the specified email addresses within 72 hours may be able to negotiate a lower ransom fee of $490.
To provide some assurance to victims, the ransom note offers the possibility of submitting one encrypted file for a free decryption attempt before committing to paying the ransom or buying the decryption tools. However, it's important to note that the successful decryption of one file does not guarantee that the rest of the encrypted files will be recoverable.
It is highly recommended that victims do not pay the ransom, as there are no guarantees that the attackers will send the necessary decryption tools even after receiving payment. In fact, paying the ransom may even encourage attackers to continue their criminal activities, leading to more victims falling prey to their malicious schemes.
Make Sure to Protect Your Data and Devices from Ransomware Threats
To protect data and devices from ransomware threats, users should take several measures to safeguard themselves.
First, they should always keep their software, operating system, and security software up to date with the latest security patches and updates. This can prevent attackers from exploiting known vulnerabilities in outdated software.
Users should exercise caution when opening links or downloading attachments from unknown or suspicious sources. This includes being vigilant of phishing emails that attempt to trick users into divulging personal information or downloading malicious files.
It's important to have a robust backup system in place. Backing up data regularly ensures that users have a copy of their important files in case they become encrypted or inaccessible due to ransomware attacks.
Lastly, users should also consider using security software that includes anti-ransomware features, as this can find and block ransomware infections before they can encrypt files. Additionally, it's important to stay informed about the latest ransomware threats and security measures, and to educate oneself on safe computing practices to dimimish the odds of becoming victim to a ransomware attack.
Niwm Ransomware’s ransom-demanding message is:
'ATTENTION!
Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-v8HcfXTy5x
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:
support@freshmail.topReserve e-mail address to contact us:
datarestorehelp@airmail.ccYour personal ID:'
