Infosec researchers have identified a malware threat known as the Nnll Ransomware. If successful in infecting a system, this threat has the potential to cause significant harm. The emergence of Nnll is yet another example of cybercriminals continuously developing new variants based on the STOP/Djvu Ransomware family. It's important to note that threats from this family typically come with additional malicious payloads, such as infostealers like RedLine and Vidar, so users must remain vigilant.
The Nnll Ransomware uses an unbreakable cryptographic algorithm to encrypt files stored on the targeted device. This encryption renders the files inaccessible to the user, and Nnll appends a new extension, '.nnll', to the original name of each encrypted file. Additionally, Nnll drops a ransom demand as a text file named '_readme.txt', which asks for the payment of a ransom in exchange for the decryption of the affected files.
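To scope the damage from the behavior described above, the following added example (not part of the original article and not a vendor tool) walks a directory tree and reports, per folder, the original names of files carrying the '.nnll' extension and whether a '_readme.txt' matching the quoted ransom note is present. The marker phrases are taken from the note quoted on this page, the function names are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".nnll"    # extension the article says Nnll appends
NOTE_NAME = "_readme.txt"  # ransom note file name given in the article
# Phrases from the quoted note; an unrelated _readme.txt will lack them.
NOTE_MARKERS = ("decrypt tool", "personal id")


def looks_like_note(path):
    """True if the file contains every marker phrase (case-insensitive)."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace").lower()
    except OSError:
        return False
    return all(marker in text for marker in NOTE_MARKERS)


def triage(root):
    """Map each affected directory to its encrypted files and note status."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        # Stripping the appended extension gives the name to find in backups.
        originals = sorted(n[: -len(ENCRYPTED_EXT)] for n in files
                           if n.lower().endswith(ENCRYPTED_EXT))
        note = any(n.lower() == NOTE_NAME and
                   looks_like_note(os.path.join(dirpath, n)) for n in files)
        if originals or note:
            report[dirpath] = {"encrypted": originals, "note": note}
    return report


def build_sample_tree(root):
    """Constructed sample data: one affected folder, one clean folder."""
    hit, clean = Path(root, "docs"), Path(root, "clean")
    hit.mkdir()
    clean.mkdir()
    for name in ("report.docx.nnll", "photo.jpg.nnll"):
        (hit / name).touch()
    (hit / NOTE_NAME).write_text("purchase decrypt tool\nYour personal ID:\n")
    (clean / NOTE_NAME).write_text("Project readme, unrelated to the threat.\n")
    return str(hit), str(clean)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

The resulting list of original file names is what to match against offline backups once the threat has been removed.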
The Nnll Ransomware Causes Severe Damage to Infected Systems
Nnll's ransom-demanding message is a notification that the victim's data has been encrypted, and the only way to recover the inaccessible files is by purchasing the decryption keys and software from the attackers. The message states that the recovery tools are priced at 980 USD, but if the victim establishes contact with the cybercriminals within 72 hours, the sum of the ransom will be reduced by 50% to 490 USD. The note also mentions that the victim can test decryption for free on a single file that does not contain valuable information.
It is extremely rare for decryption to be possible without the attackers' participation. The only exceptions are cases where the ransomware threat had severe flaws. Moreover, even if victims meet the ransom demands, there is no guarantee that they will receive the decryption tools. Therefore, paying the ransom is not recommended as it supports illegal activity, and data recovery is not guaranteed.
To prevent the Nnll Ransomware from encrypting more data, it is essential to remove it from the operating system. However, removing the ransomware will not restore any of the already affected files.
Implementing Effective Security Measures is Crucial
Implementing effective security measures is essential to protect your data from ransomware infections. Here are key steps users can take:
- Regularly Update Software: Keep your operating system, software, and applications up to date with the latest available patches. Ransomware often exploits known vulnerabilities.
- Use Strong, Unique Passwords: Create complex, unique passwords for your accounts and devices. A password manager can securely store and generate passwords.
- Enable Two-Factor Authentication (2FA): Activate 2FA whenever possible to apply an extra layer of security to your logins.
- Be Sceptical with Emails: Be vigilant about interacting with email attachments or clicking on links, especially from unknown or suspicious sources. Many ransomware attacks start with phishing emails.
- Backup Data Regularly: Set up automated and secure data backups. Store backups offline or in a separate location to prevent ransomware from encrypting them.
- Educate Yourself and Others: Stay informed about the latest ransomware threats and tactics. Train yourself and your family or colleagues to recognize and avoid phishing attempts.
- Install Security Software: Use reputable anti-malware software and ensure it is regularly updated to detect and prevent ransomware infections.
- Avoid Paying Ransoms: Refrain from paying ransoms, as there are no guarantees of data recovery, and it supports cybercriminals' activities.
By following these security measures, you can significantly reduce the probability of falling victim to ransomware attacks and better safeguard your data from encryption and extortion by cybercriminals.
Victims of the Nnll Ransomware are left with the following ransom note:
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted
with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
Reserve e-mail address to contact us:
Your personal ID: