
Nochi Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 9
First Seen: March 15, 2023
Last Seen: March 28, 2023
OS(es) Affected: Windows

Nochi Ransomware is a destructive malware threat that can impact a large number of different file types. Ransomware threats are designed to take the data found on the breached devices hostage by locking it with an uncrackable cryptographic algorithm. Nochi Ransomware is not an exception. Furthermore, cybersecurity researchers have confirmed that the threat is part of the Chaos ransomware family.

After being activated, Nochi was observed encrypting files and renaming them by appending a '.nochi' extension to the original filenames. For example, a file initially named '1.jpg' would be renamed to '1.jpg.nochi', '2.png' to '2.png.nochi', etc.

After the encryption process was completed, a ransom note named 'read_it.txt' was created and dropped onto the desktop of the infected machine. The ransom note contains instructions for the victim to follow in order to regain access to their encrypted files. The attackers usually demand payment in exchange for decryption, and failure to comply with their demands may result in permanent data loss.
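A read-only triage check built from the two indicators described above (the '.nochi' suffix and the 'read_it.txt' note), as an added example that is not part of the original write-up. The marker phrases are taken from the ransom note quoted on this page; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".nochi"              # extension appended to encrypted files (from this page)
NOTE_NAME = "read_it.txt"   # ransom note filename (from this page)
# Phrases from the ransom note text quoted on this page.
NOTE_MARKERS = ("all of your files have been encrypted", "decryption software")

def scan_tree(root):
    """Walk root and collect Nochi indicators; nothing is modified or deleted."""
    report = {"encrypted": [], "notes": [], "note_lookalikes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(EXT) and len(name) > len(EXT):
                # '1.jpg.nochi' -> original name '1.jpg'
                report["encrypted"].append((str(path), name[:-len(EXT)]))
            elif lower == NOTE_NAME:
                try:
                    raw = path.read_text(encoding="utf-8", errors="replace")[:4096]
                except OSError:
                    raw = ""
                text = " ".join(raw.lower().split())  # normalise line wraps
                hit = all(m in text for m in NOTE_MARKERS)
                report["notes" if hit else "note_lookalikes"].append(str(path))
    return report

def affected_dirs(report):
    """Directories holding at least one encrypted file, to scope a restore."""
    return sorted({str(Path(p).parent) for p, _ in report["encrypted"]})

def build_sample(root):
    """Constructed sample tree (not real malware output) for the demo."""
    root = Path(root)
    for sub in ("Desktop", "Pictures"):
        (root / sub).mkdir()
    for name in ("1.jpg.nochi", "2.png.nochi", "3.gif"):
        (root / "Pictures" / name).write_bytes(b"\x00" * 16)
    (root / "Desktop" / "read_it.txt").write_text(
        "All of your files have been encrypted\nYou can buy our special\ndecryption software")
    (root / "Pictures" / "READ_IT.txt").write_text("shopping list")  # benign name clash
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rep = scan_tree(build_sample(tmp))
        print(len(rep["encrypted"]), "encrypted files in", affected_dirs(rep))
        print("ransom notes:", rep["notes"])
```

Pointing `scan_tree` at a mounted backup before restoring from it gives a quick check that the backup set does not already contain renamed files.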

Nochi Ransomware Demands Thousands of Dollars as Ransom

The ransom-demanding message informs victims that their data has been encrypted by ransomware, rendering it inaccessible. The message further states that the only way to regain access to the encrypted data is to purchase decryption tools from the attackers.

The ransom amount demanded in the message is $1,500, payable in Bitcoin cryptocurrency (BTC). However, it is important to note that the amount of Bitcoin listed at the bottom of the message - 0.1473766 BTC - does not correspond to the dollar amount demanded. At the time of writing, this sum is worth over $3,500. It is essential to remember that conversion rates for cryptocurrencies fluctuate constantly.

The message provides the attackers' cryptowallet address but does not contain any contact information. This lack of contact information makes it difficult for victims to negotiate with the attackers, increasing the likelihood that they will pay the ransom.

In most ransomware infections, decryption is impossible without the attackers' assistance. The exceptions are cases where the ransomware is still in development or has significant flaws, but these are rare. Furthermore, even when victims meet the ransom demands, there is no guarantee that the attackers will provide the promised decryption keys or software.

Therefore, it is not recommended to pay the ransom since data recovery is not guaranteed, and doing so supports the criminal activity. Instead, victims are encouraged to seek alternative options or use backups to restore their data.

Appropriate Response To a Ransomware Attack Can Mitigate the Damage Significantly

Ransomware attacks can be extremely harmful, and users should take immediate steps to mitigate any potential damage. The following are some recommended steps that users should take following a ransomware attack:

  1. Isolate the infected device: If possible, disconnect the device from the network to prevent the ransomware from spreading to other devices.
  2. Remove the ransomware: Run a malware scan on the infected device to identify and remove the ransomware. Depending on the extent of the infection, it may be necessary to reformat the hard drive and reinstall the operating system.
  3. Do not pay the ransom: It is not recommended to pay the ransom since there is no guarantee that the attackers will provide the promised decryption tools, and doing so supports criminal activity.
  4. Restore data from backups: If the user has backups of their data, they should restore the data from the backups. However, it is important to ensure that the backups are not infected with ransomware.
  5. Change passwords: It is recommended to change all passwords associated with the infected device, including email accounts, social media accounts, and online banking accounts.
  6. Update software: Ensure that all software and applications on the device are up-to-date with the latest security patches and updates.

By following these steps, users can mitigate the potential damage caused by a ransomware attack and prevent future attacks from occurring.

The full text of the ransom note dropped by Nochi Ransomware is:

All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't be able to decrypt them without our help.
What can I do to get my files back?
You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.
The price for the software is $1,500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps:// Bitpanda - hxxps:// Paxful

Payment information
Amount: 0.1473766 BTC
Bitcoin Address: 17CqMQFeuB3NTzJ2X28tfRmWaPyPQgvoHV

