The Nmc Ransomware behaves as a typical threat of this type. It aims to infect the targeted computers and then cripple them via an encryption routine. It should be noted that infosec researchers have determined that the Nmc Ransomware is part of the Dharma malware family.
The threat is capable of locking numerous popular file types, rendering them inaccessible and unusable. It marks each encrypted file by adding a unique ID, an email address, and a new extension to that file's original name. The email address is 'email@example.com', while the file extension is '.nmc'.
The next step of the threat is to deliver its ransom note with instructions for the victims. The Nmc Ransomware employs two different messages. A truncated version is placed inside a text file named 'info.txt'. It simply tells users to contact either the 'firstname.lastname@example.org' or the 'email@example.com' email address to receive further details. The full ransom note, however, is presented as a pop-up window displayed on the screen of the compromised system. It also directs users to contact the two email addresses, but concludes with several warnings, such as not renaming the locked files and not trying to decrypt them with third-party tools, as that could lead to permanent damage to the data.
The text found inside the 'info.txt' file is:
'all your data has been locked us
You want to return?
write email firstname.lastname@example.org or email@example.com.'
The pop-up window displays the following message:
'YOUR FILES ARE ENCRYPTED
1100110 1101001 1101100 1100101
Don't worry, you can return all your files!
If you want to restore them, write to the mail: firstname.lastname@example.org YOUR ID -
If you have not answered by mail within 12 hours, write to us by another mail:email@example.com
We recommend you contact us directly to avoid overpaying agents
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
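For scoping an incident, the file marker and ransom note name described above can be matched against a file listing taken from an affected host. The following is an added example, not code from the original page; it assumes the usual Dharma naming layout '<original name>.id-<ID>.[<email>].nmc', which the page does not spell out, and the sample listing, ID and address are constructed placeholders.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout (usual Dharma convention, not spelled out on the page):
#   <original name>.id-<ID>.[<email>].nmc
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.nmc$",
    re.IGNORECASE,
)
NOTE_NAME = "info.txt"  # ransom note file name given on the page


def parse_marker(filename):
    """Return (original, victim_id, email) for a marked file, else None."""
    m = MARKER.match(filename)
    return (m["original"], m["victim_id"], m["email"]) if m else None


def triage(paths):
    """Summarise a file listing per directory: marked files, IDs, note presence."""
    report = defaultdict(lambda: {"encrypted": [], "ids": set(), "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any analysis host
        entry = report[str(p.parent)]
        if p.name.lower() == NOTE_NAME:
            entry["note"] = True
        parsed = parse_marker(p.name)
        if parsed:
            entry["encrypted"].append(parsed[0])  # recovered original name
            entry["ids"].add(parsed[1])
    # Keep only directories that hold at least one marked file.
    return {d: e for d, e in report.items() if e["encrypted"]}


# Constructed sample listing; the ID and address are placeholders.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[email@example.com].nmc",
    r"C:\Users\alice\Documents\notes.docx.id-1A2B3C4D.[email@example.com].nmc",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Pictures\cat.jpg",
    r"C:\Users\alice\Music\track.nmc",  # bare extension only: not flagged
]

if __name__ == "__main__":
    for directory, e in triage(SAMPLE).items():
        note = "note present" if e["note"] else "no note"
        print(directory, len(e["encrypted"]), sorted(e["ids"]), note)
```

Requiring the full marker rather than the bare extension keeps unrelated files that happen to end in '.nmc' out of the report, and the recovered original names give a list to check against backups.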