NMCRYPT Ransomware
The NMCRYPT Ransomware is a generic file encryption Trojan that was detected in the middle of April 2018. The NMCRYPT Ransomware is a file encoder Trojan that is designed to make data unreadable and convince users to pay a fee for unlocking content on the infected computers. The NMCRYPT Ransomware is nearly identical to hundreds of variants of the HiddenTear open-source ransomware and compromised users are unable to use the Shadow Volume snapshots made by Windows to recover. Unfortunately, the NMCRYPT Ransomware disables the native recovery features on Windows, and you need third-party applications to rebuild your data.
The NMCRYPT Ransomware is known to encipher audio, video, photos, databases, text, presentations, spreadsheets and databases. Affected files feature a generic white icon that looks like a white sheet of paper and Windows does not generate thumbnails for encrypted images and presentations. Computer security researchers have reported that the NMCRYPT Ransomware marks affected files with the 'NMCRYPT!' marker and "help" victims estimate how much data was encrypted. For example, 'Battle of Manila (1945).pptx' is renamed to 'Battle of Manila (1945).pptx.NMCRYPT!' Instructions on how to deliver payment can be found on the desktop in the form of an HTML file that reads:
'Your Key: [RANDOM CHARCTERS]
Encrypted files!
All your files are encrypted.Using AES256-bit encryption and RSA-2048-bit encryption. Making it impossible to recover files without the correct private key. If you are interested in getting is the key and recover your files You should proceed with the following steps.
The only way to decrypt your files safely is to buy the Descrypt and Private Key software. Any attempts to restore your files with the third-party software will be fatal for your files!
Important use Firefox or Chrome browser To proceed with the purchase you must access one of the link below • h[ttp]s://1y1h3ugyzay3Ihrd[.]onion.tor • h[ttp]s://lylt3ugyzay31hrd[.]onion.linki
If neither of the links is online for a long period of time, there is another way to open it. you should install the Tor Browser'
The team behind the NMCRYPT Ransomware might use an email account on the Protonmail service to negotiate with PC users who have been infected. There may be people who are interested in paying the "decryption fee" and resolving the problem as soon as possible. We should point out that the NMCRYPT Ransomware operators may trick users into paying the money and a decryptor may not be sent to your email account. It is recommended to run a credible backup service on your system and terminate the NMCRYPT Ransomware with a reliable anti-malware scanner. AV companies tag the resources created by the NMCRYPT Ransomware as:
- Generic.Ransom.XRatLocker.5E892A47
- Ransom.Haknata.S1240226
- Ransom_AIRACROP.SM
- TR/AD.RansomHeur.hcfxr
- Trojan ( 00500c371 )
- Trojan.Win32.Deshacop.enxprt
- W32/Generic.AC.3EF6CE!tr
- W32/Ransom.IS.gen!Eldorado
- Win32.Trojan-Ransom.XPan.B
