The STOP Ransomware family is one of the most popular ransomware families in the past two years. Countless cyber crooks have borrowed the code of the STOP Ransomware and made their own variants of the threat. One of the newest data-locking Trojans that fall in this category is the Nlah Ransomware – a new copy of the STOP Ransomware.
Propagation and Encryption
Cybercriminals who distribute ransomware threats can use various, different propagation techniques. Some of the most favored ones include malvertising campaigns, fraudulent pirated copies of popular games or applications, fake software updates and downloads, phishing emails that contain corrupted attachments or links, etc. Threats like the Nlah Ransomware are programmed to target a wide array of filetypes such as documents, images, databases, audio files, archives, videos, presentations, spreadsheets, etc. If the Nlah Ransomware compromises your computer, most of your files will undergo an encryption process and will not be usable. All the locked files will have their names changed as the Nlah Ransomware adds an extension to their names – '.nlah.' For example, a file named 'desert-eye.png' will be renamed to 'desert-eye.png.nlah.'
The Ransom Note
The Nlah Ransomware would drop a ransom note on the user's system named '_readme.txt.' There are numerous key points outlined in the ransom message of the attackers:
- The initial ransom fee is $490.
- Users who fail to pay up within 72 hours of the attack taking place will have to pay double the price - $980.
- The authors of the Nlah Ransomware are willing to decrypt one file for free.
- There are a couple of email addresses where the victim can contact the attackers – ‘email@example.com' and ‘firstname.lastname@example.org.'
Users who give in and pay the ransom fee demanded by cybercriminals are often left empty-handed, so there is no valid point in wasting your hard-earned cash. Instead, you should eradicate the Nlah Ransomware from your computer with the help of a genuine anti-malware suite.